Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10
@@ -4,3 +4,4 @@ groups:
|
||||
- examples
|
||||
dependencies:
|
||||
codeql/javascript-all: ${workspace}
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -8,3 +8,4 @@ groups:
|
||||
- experimental
|
||||
dependencies:
|
||||
codeql/javascript-all: ${workspace}
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -6,3 +6,4 @@ groups:
|
||||
- experimental
|
||||
mlModels:
|
||||
- "resources/*.codeqlmodel"
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -8,3 +8,4 @@ groups:
|
||||
dependencies:
|
||||
codeql/javascript-experimental-atm-lib: ${workspace}
|
||||
codeql/javascript-experimental-atm-model: "0.3.1-2023-03-01-12h42m43s.strong-turtle-1xp3dqvv.ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5"
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -10,3 +10,4 @@ groups:
|
||||
dependencies:
|
||||
codeql/javascript-experimental-atm-lib: ${workspace}
|
||||
codeql/javascript-experimental-atm-model: "0.3.1-2023-03-01-12h42m43s.strong-turtle-1xp3dqvv.ecb17d40286d14132b481c065a43459a7f0ba9059015b7a49c909c9f9ce5fec5"
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -2,3 +2,4 @@ name: codeql/javascript-experimental-atm-tests
|
||||
extractor: javascript
|
||||
dependencies:
|
||||
codeql/javascript-experimental-atm-model-building: ${workspace}
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
dependencies:
|
||||
codeql/javascript-all: '*'
|
||||
codeql/javascript-queries: '*'
|
||||
warnOnImplicitThis: true
|
||||
|
||||
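--- a/javascript/ql/lib/change-notes/2023-06-22-webix.md
+++ b/javascript/ql/lib/change-notes/2023-06-22-webix.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added models for the Webix Framework.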
@@ -134,6 +134,7 @@ import semmle.javascript.frameworks.TrustedTypes
|
||||
import semmle.javascript.frameworks.UriLibraries
|
||||
import semmle.javascript.frameworks.Vue
|
||||
import semmle.javascript.frameworks.Vuex
|
||||
import semmle.javascript.frameworks.Webix
|
||||
import semmle.javascript.frameworks.WebSocket
|
||||
import semmle.javascript.frameworks.XmlParsers
|
||||
import semmle.javascript.frameworks.xUnit
|
||||
|
||||
@@ -6,6 +6,7 @@ extractor: javascript
|
||||
library: true
|
||||
upgrades: upgrades
|
||||
dependencies:
|
||||
codeql/mad: ${workspace}
|
||||
codeql/regex: ${workspace}
|
||||
codeql/tutorial: ${workspace}
|
||||
codeql/util: ${workspace}
|
||||
|
||||
@@ -96,7 +96,10 @@ private class ExtendCallDeep extends ExtendCall {
|
||||
callee = LodashUnderscore::member("merge") or
|
||||
callee = LodashUnderscore::member("mergeWith") or
|
||||
callee = LodashUnderscore::member("defaultsDeep") or
|
||||
callee = AngularJS::angular().getAPropertyRead("merge")
|
||||
callee = AngularJS::angular().getAPropertyRead("merge") or
|
||||
callee =
|
||||
[DataFlow::moduleImport("webix"), DataFlow::globalVarRef("webix")]
|
||||
.getAPropertyRead(["extend", "copy"])
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
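Review bot: The new disjunct resolves `webix` through `DataFlow::moduleImport("webix")` and `DataFlow::globalVarRef("webix")` directly, while this same commit adds `Webix::webix()` for that purpose and the `PrototypePollution` hunk already uses it; two separate definitions of "a reference to webix" can drift apart. If the data-flow form is needed here because of the type of `callee`, a short comment such as `// webix.extend / webix.copy: keep in sync with Webix::webix() and PrototypePollution` would tie the two together. It is also worth confirming that both `extend` and `copy` actually recurse into nested objects, since every callee in `ExtendCallDeep` is treated as a deep merge; if `extend` only copies top-level properties it belongs with the shallow calls. The class body starts outside this hunk.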
@@ -69,7 +69,6 @@ module InclusionTest {
|
||||
inner.getContainerNode().getALocalSource() = DataFlow::parameterNode(callee.getAParameter())
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getContainerNode() {
|
||||
exists(int arg |
|
||||
inner.getContainerNode().getALocalSource() =
|
||||
@@ -78,7 +77,6 @@ module InclusionTest {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getContainedNode() {
|
||||
exists(int arg |
|
||||
inner.getContainedNode().getALocalSource() =
|
||||
|
||||
@@ -67,7 +67,6 @@ module StringOps {
|
||||
inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getAParameter()
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getBaseString() {
|
||||
exists(int arg |
|
||||
inner.getBaseString().getALocalSource().getEnclosingExpr() = callee.getParameter(arg) and
|
||||
@@ -75,7 +74,6 @@ module StringOps {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getSubstring() {
|
||||
exists(int arg |
|
||||
inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getParameter(arg) and
|
||||
@@ -294,7 +292,6 @@ module StringOps {
|
||||
inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getAParameter()
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getBaseString() {
|
||||
exists(int arg |
|
||||
inner.getBaseString().getALocalSource().getEnclosingExpr() = callee.getParameter(arg) and
|
||||
@@ -302,7 +299,6 @@ module StringOps {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[assume_small_delta]
|
||||
override DataFlow::Node getSubstring() {
|
||||
exists(int arg |
|
||||
inner.getSubstring().getALocalSource().getEnclosingExpr() = callee.getParameter(arg) and
|
||||
|
||||
@@ -289,7 +289,8 @@ module Vuex {
|
||||
or
|
||||
exists(string base, string prop |
|
||||
result = stateRefByAccessPath(base).getMember(prop) and
|
||||
path = appendToNamespace(base, prop)
|
||||
path = appendToNamespace(base, prop) and
|
||||
path.length() < 100
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
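Review bot: The added conjunct `path.length() < 100` has no comment, so a reader cannot tell whether it is a termination guard or a semantic limit. It looks like it keeps `stateRefByAccessPath` from extending access paths without end when state references are recursive; a comment such as `// bound the path length so the recursion stays finite` would record that. Paths at or beyond the bound are dropped silently, which is presumably an accepted loss of coverage but should be stated. The predicate starts outside this hunk.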
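--- a/javascript/ql/lib/semmle/javascript/frameworks/Webix.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Webix.qll
@@ -0,0 +1,23 @@
+/**
+* Provides classes and predicates for working with the `webix` library.
+*/
+
+private import javascript
+
+/**
+* Provides classes and predicates for working with the `webix` library.
+*/
+module Webix {
+/** The global variable `webix` as an entry point for API graphs. */
+private class WebixGlobalEntry extends API::EntryPoint {
+WebixGlobalEntry() { this = "WebixGlobalEntry" }
+
+override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("webix") }
+}
+
+/** Gets a reference to the Webix package. */
+API::Node webix() {
+result = API::moduleImport("webix") or
+result = any(WebixGlobalEntry w).getANode()
+}
+}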
@@ -643,6 +643,15 @@ module ModelOutput {
|
||||
baseNode = getInvocationFromPath(type, path)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if a `baseNode` is a callable identified by the `type,path` part of a summary row.
|
||||
*/
|
||||
cached
|
||||
predicate resolvedSummaryRefBase(string type, string path, API::Node baseNode) {
|
||||
summaryModel(type, path, _, _, _) and
|
||||
baseNode = getNodeFromPath(type, path)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is seen as an instance of `type` due to a type definition
|
||||
* contributed by a CSV model.
|
||||
@@ -653,6 +662,17 @@ module ModelOutput {
|
||||
|
||||
import Cached
|
||||
import Specific::ModelOutputSpecific
|
||||
private import codeql.mad.ModelValidation as SharedModelVal
|
||||
|
||||
private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
|
||||
predicate summaryKind(string kind) { summaryModel(_, _, _, _, kind) }
|
||||
|
||||
predicate sinkKind(string kind) { sinkModel(_, _, kind) }
|
||||
|
||||
predicate sourceKind(string kind) { sourceModel(_, _, kind) }
|
||||
}
|
||||
|
||||
private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
|
||||
|
||||
/**
|
||||
* Gets an error message relating to an invalid CSV row in a model.
|
||||
@@ -698,5 +718,8 @@ module ModelOutput {
|
||||
not isValidNoArgumentTokenInIdentifyingAccessPath(token.getName()) and
|
||||
result = "Invalid token '" + token + "' is missing its arguments, in access path: " + path
|
||||
)
|
||||
or
|
||||
// Check for invalid model kinds
|
||||
result = KindVal::getInvalidModelKind()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,6 +15,14 @@ private class DangerousPrefix extends string {
|
||||
this = "<!--" or
|
||||
this = "<" + ["iframe", "script", "cript", "scrip", "style"]
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a character that is important to the dangerous prefix.
|
||||
* That is, a char that should be mentioned in a regular expression that explicitly sanitizes the dangerous prefix.
|
||||
*/
|
||||
string getAnImportantChar() {
|
||||
if this = ["/..", "../"] then result = ["/", "."] else result = "<"
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -62,7 +70,11 @@ private DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm
|
||||
*/
|
||||
private DangerousPrefix getADangerousMatchedPrefix(EmptyReplaceRegExpTerm t) {
|
||||
result = getADangerousMatchedPrefixSubstring(t) and
|
||||
not exists(EmptyReplaceRegExpTerm pred | pred = t.getPredecessor+() and not pred.isNullable())
|
||||
not exists(EmptyReplaceRegExpTerm pred | pred = t.getPredecessor+() and not pred.isNullable()) and
|
||||
// the regex must explicitly mention a char important to the prefix.
|
||||
forex(string char | char = result.getAnImportantChar() |
|
||||
t.getRootTerm().getAChild*().(RegExpConstant).getValue().matches("%" + char + "%")
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
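Review bot: The new `forex` inspects only `RegExpConstant` values under the root term, so a sanitizer regex that reaches the prefix characters solely through a range or a class escape no longer produces a result here, and presumably the incomplete-sanitization alert for it disappears. If that trade of recall for precision is intended, say so next to the existing comment, e.g. `// deliberately ignores regexes that match the prefix only via ranges or class escapes`, and pin it with a test case. For `/..` and `../`, `getAnImportantChar()` yields both `/` and `.`, and `forex` requires every one of them to be mentioned, which is also worth a word. The predicate's QLDoc starts outside this hunk.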
@@ -120,6 +120,22 @@ module TaintedObject {
|
||||
override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity }
|
||||
}
|
||||
|
||||
/** A guard that checks whether an input a valid string identifier using `mongoose.Types.ObjectId.isValid` */
|
||||
class ObjectIdGuard extends SanitizerGuard instanceof API::CallNode {
|
||||
ObjectIdGuard() {
|
||||
this =
|
||||
API::moduleImport("mongoose")
|
||||
.getMember("Types")
|
||||
.getMember("ObjectId")
|
||||
.getMember("isValid")
|
||||
.getACall()
|
||||
}
|
||||
|
||||
override predicate sanitizes(boolean outcome, Expr e, FlowLabel lbl) {
|
||||
e = super.getAnArgument().asExpr() and outcome = true and lbl = label()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A sanitizer guard that validates an input against a JSON schema.
|
||||
*/
|
||||
|
||||
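Review bot: `ObjectIdGuard` clears the tainted-object label for every argument of the call (`super.getAnArgument()`), and its QLDoc describes `isValid` as a check for "a valid string identifier", but nothing in the hunk shows that `isValid` accepts strings only. Which non-string values `isValid` returns true for depends on the mongoose/bson version in use, so the comment should state the assumption the guard relies on, for example `/** A guard that checks an input with mongoose.Types.ObjectId.isValid; assumes a true result rules out object-shaped query input. */`, which also repairs the missing "is" in the current sentence. Restricting the sanitized expression to `super.getArgument(0)` would match the checked value more tightly. Only `API::moduleImport("mongoose")` is covered, so the same check reached through another import is not treated as a guard.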
@@ -312,6 +312,13 @@ module CodeInjection {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A value interpreted as code by the `webix` library.
|
||||
*/
|
||||
class WebixExec extends Sink {
|
||||
WebixExec() { this = Webix::webix().getMember("exec").getParameter(0).asSink() }
|
||||
}
|
||||
|
||||
/** A sink for code injection via template injection. */
|
||||
abstract private class TemplateSink extends Sink {
|
||||
deprecated override string getMessageSuffix() {
|
||||
@@ -419,6 +426,18 @@ module CodeInjection {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A value interpreted as a template by the `webix` library.
|
||||
*/
|
||||
class WebixTemplateSink extends TemplateSink {
|
||||
WebixTemplateSink() {
|
||||
this = Webix::webix().getMember("ui").getParameter(0).getMember("template").asSink()
|
||||
or
|
||||
this =
|
||||
Webix::webix().getMember("ui").getParameter(0).getMember("template").getReturn().asSink()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to JSON.stringify() seen as a sanitizer.
|
||||
*/
|
||||
|
||||
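Review bot: `WebixTemplateSink` only matches a `template` property on the object passed directly as the first argument of `webix.ui`, so a `template` set on a nested view configuration, if the library accepts nested layouts inside that object, is not a sink. If the limitation is intended, note it in the QLDoc, e.g. `* Only the top-level configuration object is modelled.`; otherwise the access path needs a step through the nesting members. The second disjunct (`getReturn()`) apparently covers a function-valued `template`, and the comment should say so.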
@@ -171,5 +171,9 @@ module PrototypePollution {
|
||||
call.isDeep() and
|
||||
call = AngularJS::angular().getAMemberCall("merge") and
|
||||
id = "angular"
|
||||
or
|
||||
call.isDeep() and
|
||||
call = Webix::webix().getMember(["extend", "copy"]).getACall() and
|
||||
id = "webix"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -117,7 +117,6 @@ module SecondOrderCommandInjection {
|
||||
int cmdIndex;
|
||||
int argIndex;
|
||||
|
||||
pragma[assume_small_delta]
|
||||
IndirectCmdFunc() {
|
||||
exists(CommandExecutingCall call |
|
||||
this.getParameter(cmdIndex).flowsTo(call.getCommandArg()) and
|
||||
|
||||
@@ -4,16 +4,16 @@
|
||||
<qhelp>
|
||||
|
||||
<overview>
|
||||
<p>Extracting files from a malicious zip archive without validating that the destination file path
|
||||
is within the destination directory can cause files outside the destination directory to be
|
||||
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
|
||||
<p>Extracting files from a malicious zip file, or similar type of archive,
|
||||
is at risk of directory traversal attacks if filenames from the archive are
|
||||
not properly validated.
|
||||
archive paths.</p>
|
||||
|
||||
<p>Zip archives contain archive entries representing each file in the archive. These entries
|
||||
include a file path for the entry, but these file paths are not restricted and may contain
|
||||
unexpected special elements such as the directory traversal element (<code>..</code>). If these
|
||||
file paths are used to determine an output file to write the contents of the archive item to, then
|
||||
the file may be written to an unexpected location. This can result in sensitive information being
|
||||
file paths are used to create a filesystem path, then a file operation may happen in an
|
||||
unexpected location. This can result in sensitive information being
|
||||
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
|
||||
files.</p>
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/**
|
||||
* @name Arbitrary file write during zip extraction ("Zip Slip")
|
||||
* @description Extracting files from a malicious zip archive without validating that the
|
||||
* destination file path is within the destination directory can cause files outside
|
||||
* the destination directory to be overwritten.
|
||||
* @name Arbitrary file access during archive extraction ("Zip Slip")
|
||||
* @description Extracting files from a malicious ZIP file, or similar type of archive, without
|
||||
* validating that the destination file path is within the destination directory
|
||||
* can allow an attacker to unexpectedly gain access to resources.
|
||||
* @kind path-problem
|
||||
* @id js/zipslip
|
||||
* @problem.severity error
|
||||
|
||||
@@ -7,4 +7,4 @@ jobs:
|
||||
- env:
|
||||
BODY: ${{ github.event.issue.body }}
|
||||
run: |
|
||||
echo '$BODY'
|
||||
echo "$BODY"
|
||||
|
||||
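Review bot: `echo "$BODY"` now expands the variable, but `echo` may still interpret a value that begins with an option such as `-n` or `-e`, or that contains backslash sequences, depending on the shell. For issue-body text, `printf '%s\n' "$BODY"` prints the value unchanged and keeps the example safe to copy. The step and job definitions start outside this hunk.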
@@ -21,6 +21,23 @@
|
||||
</p>
|
||||
</recommendation>
|
||||
|
||||
<example>
|
||||
<p>
|
||||
The following code example connects to an HTTP request using an hard-codes authentication header:
|
||||
</p>
|
||||
|
||||
<sample src="examples/HardcodedCredentialsHttpRequest.js"/>
|
||||
|
||||
<p>
|
||||
Instead, user name and password can be supplied through the environment variables
|
||||
<code>username</code> and <code>password</code>, which can be set externally without hard-coding
|
||||
credentials in the source code.
|
||||
</p>
|
||||
|
||||
<sample src="examples/HardcodedCredentialsHttpRequestFixed.js"/>
|
||||
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<p>
|
||||
The following code example connects to a Postgres database using the <code>pg</code> package
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
let base64 = require('base-64');
|
||||
|
||||
let url = 'http://example.org/auth';
|
||||
let username = 'user';
|
||||
let password = 'passwd';
|
||||
|
||||
let headers = new Headers();
|
||||
|
||||
headers.append('Content-Type', 'text/json');
|
||||
headers.append('Authorization', 'Basic' + base64.encode(username + ":" + password));
|
||||
|
||||
fetch(url, {
|
||||
method:'GET',
|
||||
headers: headers
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(json => console.log(json))
|
||||
.done();
|
||||
@@ -0,0 +1,18 @@
|
||||
let base64 = require('base-64');
|
||||
|
||||
let url = 'http://example.org/auth';
|
||||
let username = process.env.USERNAME;
|
||||
let password = process.env.PASSWORD;
|
||||
|
||||
let headers = new Headers();
|
||||
|
||||
headers.append('Content-Type', 'text/json');
|
||||
headers.append('Authorization', 'Basic' + base64.encode(username + ":" + password));
|
||||
|
||||
fetch(url, {
|
||||
method:'GET',
|
||||
headers: headers
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(json => console.log(json))
|
||||
.done();
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`js/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
|
||||
@@ -1,7 +0,0 @@
|
||||
commandInjectionSinks
|
||||
| execa.example.js:2:7:2:9 | cmd |
|
||||
sqlInjectionSinks
|
||||
| connection.example.ts:4:20:4:20 | q |
|
||||
| connection.example.ts:9:18:9:18 | q |
|
||||
remoteFlowSources
|
||||
| message.example.js:1:46:1:50 | event |
|
||||
@@ -1,11 +0,0 @@
|
||||
import javascript
|
||||
private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
|
||||
private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
|
||||
|
||||
query predicate commandInjectionSinks(DataFlow::Node node) {
|
||||
node instanceof CommandInjection::Sink
|
||||
}
|
||||
|
||||
query predicate sqlInjectionSinks(DataFlow::Node node) { node instanceof SqlInjection::Sink }
|
||||
|
||||
query predicate remoteFlowSources(RemoteFlowSource node) { any() }
|
||||
@@ -0,0 +1,2 @@
|
||||
| connection.example.ts:4:20:4:20 | q |
|
||||
| connection.example.ts:9:18:9:18 | q |
|
||||
@@ -0,0 +1,4 @@
|
||||
import javascript
|
||||
private import semmle.javascript.security.dataflow.SqlInjectionCustomizations
|
||||
|
||||
query predicate sqlInjectionSinks(DataFlow::Node node) { node instanceof SqlInjection::Sink }
|
||||
@@ -0,0 +1 @@
|
||||
| execa.example.js:2:7:2:9 | cmd |
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/javascript-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["@example/execa", "Member[shell].Argument[0]", "command-injection"]
|
||||
@@ -1,10 +0,0 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/javascript-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- [
|
||||
"@example/execa",
|
||||
"Member[shell].Argument[0]",
|
||||
"command-injection",
|
||||
]
|
||||
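--- a/javascript/ql/test/library-tests/DataExtensions/execa.ql
+++ b/javascript/ql/test/library-tests/DataExtensions/execa.ql
@@ -0,0 +1,6 @@
+import javascript
+private import semmle.javascript.security.dataflow.CommandInjectionCustomizations
+
+query predicate commandInjectionSinks(DataFlow::Node node) {
+node instanceof CommandInjection::Sink
+}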
@@ -0,0 +1,2 @@
|
||||
| message.example.js:1:46:1:50 | event |
|
||||
| message.example.js:2:16:2:25 | event.data |
|
||||
@@ -6,5 +6,5 @@ extensions:
|
||||
- [
|
||||
"global",
|
||||
"Member[addEventListener].WithStringArgument[0=message].Argument[1].Parameter[0].Member[data]",
|
||||
"remote-flow",
|
||||
"remote",
|
||||
]
|
||||
@@ -0,0 +1,3 @@
|
||||
import javascript
|
||||
|
||||
query predicate remoteFlowSources(RemoteFlowSource node) { any() }
|
||||
@@ -5,6 +5,4 @@ dependencies:
|
||||
codeql/javascript-queries: ${workspace}
|
||||
extractor: javascript
|
||||
tests: .
|
||||
dataExtensions:
|
||||
- library-tests/DataExtensions/*.model.yml
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
| mongoose.js:63:2:63:34 | Documen ... then(X) |
|
||||
| mongoose.js:65:2:65:51 | Documen ... on(){}) |
|
||||
| mongoose.js:67:2:68:27 | new Mon ... on(){}) |
|
||||
| mongoose.js:71:5:78:9 | Documen ... .exec() |
|
||||
| mongoose.js:71:2:78:9 | Documen ... .exec() |
|
||||
| mongoose.js:85:2:85:52 | Documen ... query)) |
|
||||
| mongoose.js:86:2:86:52 | Documen ... query)) |
|
||||
| mongoose.js:87:2:87:57 | Documen ... query)) |
|
||||
@@ -42,6 +42,8 @@
|
||||
| mongoose.js:97:2:97:52 | Documen ... query)) |
|
||||
| mongoose.js:99:2:99:50 | Documen ... query)) |
|
||||
| mongoose.js:113:2:113:53 | Documen ... () { }) |
|
||||
| mongoose.js:134:3:134:52 | Documen ... on(){}) |
|
||||
| mongoose.js:136:3:136:52 | Documen ... on(){}) |
|
||||
| mysql.js:8:9:11:47 | connect ... ds) {}) |
|
||||
| mysql.js:14:9:16:47 | connect ... ds) {}) |
|
||||
| mysql.js:19:9:20:48 | connect ... ds) {}) |
|
||||
|
||||
@@ -174,38 +174,38 @@ nodes
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title |
|
||||
| mongodb_bodySafe.js:29:16:29:20 | query |
|
||||
| mongodb_bodySafe.js:29:16:29:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query |
|
||||
| mongoose.js:20:19:20:20 | {} |
|
||||
| mongoose.js:21:19:21:26 | req.body |
|
||||
| mongoose.js:21:19:21:26 | req.body |
|
||||
| mongoose.js:21:19:21:32 | req.body.title |
|
||||
| mongoose.js:24:24:24:30 | [query] |
|
||||
| mongoose.js:24:24:24:30 | [query] |
|
||||
| mongoose.js:24:25:24:29 | query |
|
||||
| mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:20:8:20:17 | query |
|
||||
| mongoose.js:20:16:20:17 | {} |
|
||||
| mongoose.js:21:16:21:23 | req.body |
|
||||
| mongoose.js:21:16:21:23 | req.body |
|
||||
| mongoose.js:21:16:21:29 | req.body.title |
|
||||
| mongoose.js:24:21:24:27 | [query] |
|
||||
| mongoose.js:24:21:24:27 | [query] |
|
||||
| mongoose.js:24:22:24:26 | query |
|
||||
| mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:65:32:65:36 | query |
|
||||
@@ -214,10 +214,10 @@ nodes
|
||||
| mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:74:7:74:11 | query |
|
||||
@@ -283,6 +283,8 @@ nodes
|
||||
| mongoose.js:130:16:130:26 | { _id: id } |
|
||||
| mongoose.js:130:16:130:26 | { _id: id } |
|
||||
| mongoose.js:130:23:130:24 | id |
|
||||
| mongoose.js:136:30:136:34 | query |
|
||||
| mongoose.js:136:30:136:34 | query |
|
||||
| mongooseJsonParse.js:19:11:19:20 | query |
|
||||
| mongooseJsonParse.js:19:19:19:20 | {} |
|
||||
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) |
|
||||
@@ -623,143 +625,147 @@ edges
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:24:25:24:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:20:11:20:20 | query | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:20:19:20:20 | {} | mongoose.js:20:11:20:20 | query |
|
||||
| mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
|
||||
| mongoose.js:21:19:21:26 | req.body | mongoose.js:21:19:21:32 | req.body.title |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:11:20:20 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:20:19:20:20 | {} |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:24:25:24:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:27:20:27:24 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:30:25:30:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:33:24:33:28 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:36:31:36:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:39:19:39:23 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:42:22:42:26 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:45:31:45:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:48:31:48:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:51:31:51:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:54:25:54:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:57:21:57:25 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:60:25:60:29 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:71:20:71:24 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:72:16:72:20 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:21:19:21:32 | req.body.title | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:24:25:24:29 | query | mongoose.js:24:24:24:30 | [query] |
|
||||
| mongoose.js:24:25:24:29 | query | mongoose.js:24:24:24:30 | [query] |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query |
|
||||
| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query |
|
||||
| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title |
|
||||
| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query |
|
||||
| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] |
|
||||
| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] |
|
||||
| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id |
|
||||
| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id |
|
||||
| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id |
|
||||
@@ -960,39 +966,39 @@ edges
|
||||
| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query object depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value |
|
||||
| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query object depends on a $@. | mongodb.js:107:17:107:29 | queries.title | user-provided value |
|
||||
| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query object depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value |
|
||||
| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value |
|
||||
| mongoose.js:24:21:24:27 | [query] | mongoose.js:21:16:21:23 | req.body | mongoose.js:24:21:24:27 | [query] | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:27:17:27:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:27:17:27:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:30:22:30:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:30:22:30:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:33:21:33:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:33:21:33:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:36:28:36:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:36:28:36:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:39:16:39:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:39:16:39:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:42:19:42:23 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:42:19:42:23 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:45:28:45:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:45:28:45:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:48:28:48:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:48:28:48:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:51:28:51:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:51:28:51:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:54:22:54:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:54:22:54:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:57:18:57:22 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:57:18:57:22 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:60:22:60:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:60:22:60:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:63:21:63:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:63:21:63:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:65:32:65:36 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:65:32:65:36 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:67:27:67:31 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:67:27:67:31 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:68:8:68:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:68:8:68:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:71:17:71:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:71:17:71:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:72:10:72:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:72:10:72:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:73:8:73:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:73:8:73:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:74:7:74:11 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:74:7:74:11 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:75:16:75:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:75:16:75:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:77:10:77:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:77:10:77:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:82:46:82:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:82:46:82:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:83:47:83:51 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:85:46:85:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:85:46:85:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:87:51:87:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:87:51:87:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:89:46:89:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:89:46:89:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:92:46:92:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:92:46:92:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:94:51:94:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:94:51:94:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:96:46:96:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:96:46:96:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:111:14:111:18 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:111:14:111:18 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:113:31:113:35 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:113:31:113:35 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
@@ -1008,6 +1014,7 @@ edges
|
||||
| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value |
|
||||
| mongoose.js:136:30:136:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:136:30:136:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value |
|
||||
| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query object depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value |
|
||||
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query object depends on a $@. | mongooseModelClient.js:12:22:12:29 | req.body | user-provided value |
|
||||
|
||||
@@ -9,57 +9,57 @@ const app = Express();
|
||||
app.use(BodyParser.json());
|
||||
|
||||
const Document = Mongoose.model('Document', {
|
||||
title: {
|
||||
type: String,
|
||||
unique: true
|
||||
},
|
||||
type: String
|
||||
title: {
|
||||
type: String,
|
||||
unique: true
|
||||
},
|
||||
type: String
|
||||
});
|
||||
|
||||
app.post('/documents/find', (req, res) => {
|
||||
const query = {};
|
||||
query.title = req.body.title;
|
||||
const query = {};
|
||||
query.title = req.body.title;
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.aggregate([query]);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.aggregate([query]);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.count(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.count(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.deleteMany(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.deleteMany(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.deleteOne(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.deleteOne(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.distinct('type', query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.distinct('type', query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.find(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.find(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOne(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOne(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndDelete(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndDelete(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndRemove(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndRemove(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndUpdate(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.findOneAndUpdate(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.replaceOne(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.replaceOne(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.update(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.update(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.updateMany(query);
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.updateMany(query);
|
||||
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
// NOT OK: query is tainted by user-provided object value
|
||||
Document.updateOne(query).then(X);
|
||||
|
||||
Document.findByIdAndUpdate(X, query, function(){}); // NOT OK
|
||||
@@ -68,8 +68,8 @@ app.post('/documents/find', (req, res) => {
|
||||
.and(query, function(){}) // NOT OK
|
||||
;
|
||||
|
||||
Document.where(query) // NOT OK - `.where()` on a Model.
|
||||
.where(query) // NOT OK - `.where()` on a Query.
|
||||
Document.where(query) // NOT OK - `.where()` on a Model.
|
||||
.where(query) // NOT OK - `.where()` on a Query.
|
||||
.and(query) // NOT OK
|
||||
.or(query) // NOT OK
|
||||
.distinct(X, query) // NOT OK
|
||||
@@ -97,14 +97,14 @@ app.post('/documents/find', (req, res) => {
|
||||
Document.find(X).then(Y, (err) => err.count(query)); // OK
|
||||
|
||||
Document.count(X, (err, res) => res.count(query)); // OK (res is a number)
|
||||
|
||||
|
||||
function innocent(X, Y, query) { // To detect if API-graphs were used incorrectly.
|
||||
return new Mongoose.Query("constant", "constant", "constant");
|
||||
}
|
||||
new innocent(X, Y, query);
|
||||
|
||||
function getQueryConstructor() {
|
||||
return Mongoose.Query;
|
||||
return Mongoose.Query;
|
||||
}
|
||||
|
||||
var C = getQueryConstructor();
|
||||
@@ -129,4 +129,10 @@ app.post('/documents/find', (req, res) => {
|
||||
Document.updateOne(cond, Y); // NOT OK
|
||||
Document.find({ _id: id }); // NOT OK
|
||||
Document.find({ _id: { $eq: id } }); // OK
|
||||
|
||||
if (Mongoose.Types.ObjectId.isValid(query)) {
|
||||
Document.findByIdAndUpdate(query, X, function(){}); // OK - is sanitized
|
||||
} else {
|
||||
Document.findByIdAndUpdate(query, X, function(){}); // NOT OK
|
||||
}
|
||||
});
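Review bot: The `Mongoose.Types.ObjectId.isValid` case added at the end of the handler exercises the guard only in its `if`/`else` form, and it passes `query`, which this handler builds as an object (`const query = {}; query.title = req.body.title;`), not an id-shaped value. Consider adding a negated early-return variant on the id read earlier in the handler, e.g. `if (!Mongoose.Types.ObjectId.isValid(id)) return;` followed by `Document.findByIdAndUpdate(id, X, function(){}); // OK - is sanitized`, so the test pins that the barrier is also recognised in the form request handlers usually use. The `// OK - is sanitized` comment could also say what is being relied on, for instance `// OK - guarded by ObjectId.isValid, so the id cannot be an operator object`. That wording assumes `isValid` rejects plain objects in the supported mongoose/bson versions, which is worth confirming. The enclosing `app.post('/documents/find', ...)` callback starts outside this hunk.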
|
||||
|
||||
@@ -112,37 +112,37 @@ nodes
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo |
|
||||
| template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo |
|
||||
| template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href |
|
||||
| tst.js:2:6:2:27 | documen ... on.href |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
@@ -181,6 +181,24 @@ nodes
|
||||
| tst.js:35:28:35:33 | source |
|
||||
| tst.js:37:33:37:38 | source |
|
||||
| tst.js:37:33:37:38 | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
edges
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
||||
@@ -246,36 +264,36 @@ edges
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
||||
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
@@ -306,6 +324,12 @@ edges
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
#select
|
||||
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
|
||||
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |
|
||||
@@ -340,20 +364,20 @@ edges
|
||||
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
|
||||
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
|
||||
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | This code execution depends on a $@. | react.js:10:56:10:77 | documen ... on.hash | user-provided value |
|
||||
| template-sinks.js:19:17:19:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:19:17:19:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:20:16:20:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:20:16:20:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:21:18:21:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:21:18:21:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:22:17:22:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:22:17:22:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:23:18:23:24 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:23:18:23:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:24:16:24:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:24:16:24:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:25:27:25:33 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:25:27:25:33 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:26:21:26:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:26:21:26:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:27:17:27:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:27:17:27:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:28:24:28:30 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:28:24:28:30 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:29:21:29:27 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:29:21:29:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:30:19:30:25 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:30:19:30:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:31:16:31:22 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:31:16:31:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:32:17:32:23 | tainted | template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:32:17:32:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:17:19:17:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:20:17:20:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:20:17:20:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:21:16:21:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:21:16:21:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:22:18:22:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:22:18:22:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:23:17:23:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:23:17:23:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:24:18:24:24 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:24:18:24:24 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:25:16:25:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:25:16:25:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:26:27:26:33 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:26:27:26:33 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:27:21:27:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:27:21:27:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:28:17:28:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:28:17:28:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:29:24:29:30 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:29:24:29:30 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:30:21:30:27 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:30:21:30:27 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:31:19:31:25 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:31:19:31:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:32:16:32:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:32:16:32:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:33:17:33:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:33:17:33:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:2:6:2:27 | documen ... on.href | user-provided value |
|
||||
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:5:12:5:33 | documen ... on.hash | user-provided value |
|
||||
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:14:10:14:33 | documen ... .search | user-provided value |
|
||||
@@ -365,3 +389,9 @@ edges
|
||||
| tst.js:33:14:33:19 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:33:14:33:19 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:35:28:35:33 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:35:28:35:33 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:37:33:37:38 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:37:33:37:38 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | This code execution depends on a $@. | webix/webix.html:3:16:3:37 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:4:26:4:47 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:5:47:5:68 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | This code execution depends on a $@. | webix/webix.js:3:12:3:33 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.js:4:22:4:43 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.js:5:43:5:64 | documen ... on.hash | user-provided value |
|
||||
|
||||
@@ -116,37 +116,37 @@ nodes
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| react.js:10:56:10:77 | documen ... on.hash |
|
||||
| template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo |
|
||||
| template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo |
|
||||
| template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href |
|
||||
| tst.js:2:6:2:27 | documen ... on.href |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
@@ -185,6 +185,24 @@ nodes
|
||||
| tst.js:35:28:35:33 | source |
|
||||
| tst.js:37:33:37:38 | source |
|
||||
| tst.js:37:33:37:38 | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
edges
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
|
||||
@@ -254,36 +272,36 @@ edges
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
|
||||
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:19:17:19:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:20:16:20:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:21:18:21:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:22:17:22:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:23:18:23:24 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:24:16:24:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:25:27:25:33 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:26:21:26:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:27:17:27:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:28:24:28:30 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:29:21:29:27 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:30:19:30:25 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:31:16:31:22 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:17:9:17:31 | tainted | template-sinks.js:32:17:32:23 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:17:19:17:31 | req.query.foo | template-sinks.js:17:9:17:31 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
|
||||
@@ -314,5 +332,11 @@ edges
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash |
|
||||
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash |
|
||||
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash |
|
||||
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash |
|
||||
#select
|
||||
| eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value |
|
||||
|
||||
@@ -10,10 +10,11 @@ import * as mustache from 'mustache';
|
||||
const Hogan = require("hogan.js");
|
||||
import * as Eta from 'eta';
|
||||
import * as Sqrl from 'squirrelly'
|
||||
import * as webix from "webix";
|
||||
|
||||
var app = express();
|
||||
|
||||
app.get('/some/path', function(req, res) {
|
||||
app.get('/some/path', function (req, res) {
|
||||
let tainted = req.query.foo;
|
||||
|
||||
pug.compile(tainted); // NOT OK
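Review bot: The added `import * as webix from "webix";` is not referenced anywhere in this hunk, and in the expected results shown on this page the `template-sinks.js` rows only move down by one line (the last `tainted` sink goes from line 32 to line 33), which suggests the file gained no Webix sink. If so, drop the import and the unrelated `function(req, res)` → `function (req, res)` reformat, so the `.expected` diff carries only the new `webix/` rows and the alerts introduced by the Webix model are easy to audit. The route handler continues outside the hunk, so check for a Webix call further down before removing it.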
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
<script src="path/to/webix.js" type="text/javascript" charset="utf-8"></script>
|
||||
<script>
|
||||
webix.exec(document.location.hash); // NOT OK
|
||||
webix.ui({ template: document.location.hash }); // NOT OK
|
||||
webix.ui({ template: function () { return document.location.hash } }); // NOT OK
|
||||
</script>
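Review bot: All three calls in this fixture are marked `// NOT OK`, so the test pins what the Webix sinks report but not what they must leave alone; the `webix.js` fixture that follows and the two `webix.extend`/`webix.copy` fixtures further down have the same shape. Assuming only `exec` and the `template` option are meant to be code-injection sinks, add a negative case such as `webix.ui({ id: document.location.hash }); // OK`, so a later change that widens the model shows up as an unexpected row in the `.expected` file. A one-line comment above the third call saying that the function's return value is the part reported would also help, since that is the least obvious of the three flows.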
|
||||
@@ -0,0 +1,5 @@
|
||||
import * as webix from 'webix';
|
||||
|
||||
webix.exec(document.location.hash); // NOT OK
|
||||
webix.ui({ template: document.location.hash }); // NOT OK
|
||||
webix.ui({ template: function () { return document.location.hash } }); // NOT OK
|
||||
@@ -152,4 +152,6 @@
|
||||
n.cloneNode(false).outerHTML.replace(/<\/?[\w:\-]+ ?|=[\"][^\"]+\"|=\'[^\']+\'|=[\w\-]+|>/gi, '').replace(/[\w:\-]+/gi, function(a) { // NOT OK
|
||||
o.push({specified : 1, nodeName : a});
|
||||
});
|
||||
|
||||
content = content.replace(/.+?(?=\s)/, ''); // OK
|
||||
});
|
||||
@@ -17,6 +17,26 @@ nodes
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
|
||||
| webix/webix.html:3:34:3:38 | event |
|
||||
| webix/webix.html:3:34:3:38 | event |
|
||||
| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:4:37:4:41 | event |
|
||||
| webix/webix.html:4:37:4:46 | event.data |
|
||||
| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:5:35:5:39 | event |
|
||||
| webix/webix.html:5:35:5:44 | event.data |
|
||||
| webix/webix.js:3:30:3:34 | event |
|
||||
| webix/webix.js:3:30:3:34 | event |
|
||||
| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:4:33:4:37 | event |
|
||||
| webix/webix.js:4:33:4:42 | event.data |
|
||||
| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:5:31:5:35 | event |
|
||||
| webix/webix.js:5:31:5:40 | event.data |
|
||||
edges
|
||||
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event |
|
||||
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event |
|
||||
@@ -32,8 +52,32 @@ edges
|
||||
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event |
|
||||
| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data |
|
||||
| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data |
|
||||
| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) |
|
||||
| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event |
|
||||
| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event |
|
||||
| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event |
|
||||
| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event |
|
||||
| webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data |
|
||||
| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data |
|
||||
| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) |
|
||||
| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) |
|
||||
#select
|
||||
| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | user-controlled value | angularmerge.js:2:3:2:43 | angular ... .data)) | angular |
|
||||
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | webix/webix.html:3:34:3:38 | event | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.html:3:34:3:38 | event | user-controlled value | webix/webix.html:4:9:4:48 | webix.e ... .data)) | webix |
|
||||
| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | webix/webix.html:3:34:3:38 | event | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.html:3:34:3:38 | event | user-controlled value | webix/webix.html:5:9:5:46 | webix.c ... .data)) | webix |
|
||||
| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | webix/webix.js:3:30:3:34 | event | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.js:3:30:3:34 | event | user-controlled value | webix/webix.js:4:5:4:44 | webix.e ... .data)) | webix |
|
||||
| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | webix/webix.js:3:30:3:34 | event | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.js:3:30:3:34 | event | user-controlled value | webix/webix.js:5:5:5:42 | webix.c ... .data)) | webix |
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
<script src="path/to/webix.js" type="text/javascript" charset="utf-8"></script>
|
||||
<script>
|
||||
addEventListener("message", (event) => {
|
||||
webix.extend({}, JSON.parse(event.data)); // NOT OK
|
||||
webix.copy({}, JSON.parse(event.data)); // NOT OK
|
||||
});
|
||||
</script>
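Review bot: Neither this fixture nor the `webix.js` one that follows pins a Webix version, yet the expected alert for these calls reads "using a vulnerable version of $@" and links to the call itself, whereas the lodash rows link to `package.json` and its `"4.17.4"`. If the model is meant to treat every Webix release as affected, say so in a comment at the top of the fixture, e.g. `<!-- no version constraint: extend/copy are flagged for every Webix version -->`. Otherwise add a `package.json` next to the fixture as the lodash test does, so the alert points at the evidence for the version claim.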
|
||||
@@ -0,0 +1,6 @@
|
||||
import * as webix from "webix";
|
||||
|
||||
addEventListener("message", (event) => {
|
||||
webix.extend({}, JSON.parse(event.data)); // NOT OK
|
||||
webix.copy({}, JSON.parse(event.data)); // NOT OK
|
||||
});
|
||||