hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add ClientSideRemoteFlowSource

Browse Source
This commit is contained in:
Asger Feldthaus
2021-01-19 16:45:53 +00:00
parent aa360c0378
commit 2e57a7d3e9
26 changed files with 659 additions and 793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

565
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

File diff suppressed because it is too large Load Diff

360
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

@@ -15,8 +15,7 @@ nodes
| addEventListener.js:12:24:12:28 | event |
| addEventListener.js:12:24:12:33 | event.data |
| addEventListener.js:12:24:12:33 | event.data |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() |
| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:24:44:24:69 | this.ro ... .params |
@@ -104,8 +103,7 @@ nodes
| d3.js:21:15:21:24 | getTaint() |
| dates.js:9:9:9:69 | taint |
| dates.js:9:17:9:69 | decodeU ... ing(1)) |
| dates.js:9:36:9:50 | window.location |
| dates.js:9:36:9:50 | window.location |
| dates.js:9:36:9:55 | window.location.hash |
| dates.js:9:36:9:55 | window.location.hash |
| dates.js:9:36:9:68 | window. ... ring(1) |
| dates.js:11:31:11:70 | `Time i ... aint)}` |
@@ -138,8 +136,7 @@ nodes
| express.js:7:15:7:33 | req.param("wobble") |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:33 | document.location |
| jquery.js:2:17:2:33 | document.location |
| jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search |
@@ -156,13 +153,11 @@ nodes
| jquery.js:10:13:10:31 | location.toString() |
| jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:14:38:14:52 | window.location |
| jquery.js:14:38:14:52 | window.location |
| jquery.js:14:38:14:57 | window.location.hash |
| jquery.js:14:38:14:57 | window.location.hash |
| jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:15:38:15:52 | window.location |
| jquery.js:15:38:15:52 | window.location |
| jquery.js:15:38:15:59 | window. ... .search |
| jquery.js:15:38:15:59 | window. ... .search |
| jquery.js:16:19:16:64 | decodeU ... ring()) |
| jquery.js:16:19:16:64 | decodeU ... ring()) |
@@ -189,8 +184,7 @@ nodes
| nodemailer.js:13:50:13:66 | req.query.message |
| nodemailer.js:13:50:13:66 | req.query.message |
| optionalSanitizer.js:2:7:2:39 | target |
| optionalSanitizer.js:2:16:2:32 | document.location |
| optionalSanitizer.js:2:16:2:32 | document.location |
| optionalSanitizer.js:2:16:2:39 | documen ... .search |
| optionalSanitizer.js:2:16:2:39 | documen ... .search |
| optionalSanitizer.js:6:18:6:23 | target |
| optionalSanitizer.js:6:18:6:23 | target |
@@ -203,8 +197,7 @@ nodes
| optionalSanitizer.js:17:20:17:20 | x |
| optionalSanitizer.js:17:20:17:20 | x |
| optionalSanitizer.js:26:7:26:39 | target |
| optionalSanitizer.js:26:16:26:32 | document.location |
| optionalSanitizer.js:26:16:26:32 | document.location |
| optionalSanitizer.js:26:16:26:39 | documen ... .search |
| optionalSanitizer.js:26:16:26:39 | documen ... .search |
| optionalSanitizer.js:31:7:31:23 | tainted2 |
| optionalSanitizer.js:31:18:31:23 | target |
@@ -284,11 +277,9 @@ nodes
| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
| sanitiser.js:45:29:45:35 | tainted |
| stored-xss.js:2:39:2:55 | document.location |
| stored-xss.js:2:39:2:55 | document.location |
| stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:3:35:3:51 | document.location |
| stored-xss.js:3:35:3:51 | document.location |
| stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:5:20:5:52 | session ... ssion') |
@@ -302,43 +293,35 @@ nodes
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location |
| string-manipulations.js:5:16:5:32 | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location |
| string-manipulations.js:6:16:6:32 | document.location |
| string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location |
| string-manipulations.js:7:16:7:32 | document.location |
| string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location |
| string-manipulations.js:8:16:8:32 | document.location |
| string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:52 | document.location |
| string-manipulations.js:9:36:9:52 | document.location |
| string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location |
| string-manipulations.js:10:23:10:39 | document.location |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| translate.js:6:7:6:39 | target |
| translate.js:6:16:6:32 | document.location |
| translate.js:6:16:6:32 | document.location |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:7:42:7:47 | target |
| translate.js:7:42:7:60 | target.substring(1) |
@@ -346,8 +329,7 @@ nodes
| translate.js:9:27:9:50 | searchP ... 'term') |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
| tst3.js:2:23:2:74 | decodeU ... str(1)) |
| tst3.js:2:42:2:56 | window.location |
| tst3.js:2:42:2:56 | window.location |
| tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:73 | window. ... bstr(1) |
| tst3.js:4:25:4:28 | data |
@@ -367,8 +349,7 @@ nodes
| tst3.js:10:38:10:43 | data.p |
| tst.js:2:7:2:39 | target |
| tst.js:2:7:2:39 | target |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search |
@@ -376,8 +357,7 @@ nodes
| tst.js:5:18:5:23 | target |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:53 | document.location |
| tst.js:8:37:8:53 | document.location |
| tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:12:5:12:42 | '<div s ... 'px">' |
@@ -394,33 +374,27 @@ nodes
| tst.js:24:14:24:19 | target |
| tst.js:26:18:26:23 | target |
| tst.js:26:18:26:23 | target |
| tst.js:28:5:28:21 | document.location |
| tst.js:28:5:28:21 | document.location |
| tst.js:28:5:28:28 | documen ... .search |
| tst.js:31:10:31:26 | document.location |
| tst.js:31:10:31:26 | document.location |
| tst.js:28:5:28:28 | documen ... .search |
| tst.js:31:10:31:33 | documen ... .search |
| tst.js:31:10:31:33 | documen ... .search |
| tst.js:34:16:34:20 | bar() |
| tst.js:34:16:34:20 | bar() |
| tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:40:20:40:36 | document.location |
| tst.js:40:20:40:36 | document.location |
| tst.js:40:20:40:43 | documen ... .search |
| tst.js:40:20:40:43 | documen ... .search |
| tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:46:21:46:37 | document.location |
| tst.js:46:21:46:37 | document.location |
| tst.js:46:21:46:44 | documen ... .search |
| tst.js:46:21:46:44 | documen ... .search |
| tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:54:21:54:37 | document.location |
| tst.js:54:21:54:37 | document.location |
| tst.js:54:21:54:44 | documen ... .search |
| tst.js:54:21:54:44 | documen ... .search |
| tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:56:21:56:37 | document.location |
| tst.js:56:21:56:37 | document.location |
| tst.js:56:21:56:44 | documen ... .search |
| tst.js:56:21:56:44 | documen ... .search |
| tst.js:58:16:58:32 | wrap(chop(bar())) |
| tst.js:58:16:58:32 | wrap(chop(bar())) |
@@ -429,82 +403,66 @@ nodes
| tst.js:60:34:60:34 | s |
| tst.js:62:18:62:18 | s |
| tst.js:62:18:62:18 | s |
| tst.js:64:25:64:41 | document.location |
| tst.js:64:25:64:41 | document.location |
| tst.js:64:25:64:48 | documen ... .search |
| tst.js:65:25:65:41 | document.location |
| tst.js:65:25:65:41 | document.location |
| tst.js:64:25:64:48 | documen ... .search |
| tst.js:65:25:65:48 | documen ... .search |
| tst.js:65:25:65:48 | documen ... .search |
| tst.js:68:16:68:20 | bar() |
| tst.js:68:16:68:20 | bar() |
| tst.js:70:1:70:27 | [,docum ... search] |
| tst.js:70:3:70:19 | document.location |
| tst.js:70:3:70:19 | document.location |
| tst.js:70:3:70:26 | documen ... .search |
| tst.js:70:3:70:26 | documen ... .search |
| tst.js:70:46:70:46 | x |
| tst.js:73:20:73:20 | x |
| tst.js:73:20:73:20 | x |
| tst.js:77:49:77:65 | document.location |
| tst.js:77:49:77:65 | document.location |
| tst.js:77:49:77:72 | documen ... .search |
| tst.js:77:49:77:72 | documen ... .search |
| tst.js:81:26:81:42 | document.location |
| tst.js:81:26:81:42 | document.location |
| tst.js:77:49:77:72 | documen ... .search |
| tst.js:81:26:81:49 | documen ... .search |
| tst.js:81:26:81:49 | documen ... .search |
| tst.js:81:26:81:49 | documen ... .search |
| tst.js:82:25:82:41 | document.location |
| tst.js:82:25:82:41 | document.location |
| tst.js:82:25:82:48 | documen ... .search |
| tst.js:82:25:82:48 | documen ... .search |
| tst.js:84:33:84:49 | document.location |
| tst.js:84:33:84:49 | document.location |
| tst.js:82:25:82:48 | documen ... .search |
| tst.js:84:33:84:56 | documen ... .search |
| tst.js:84:33:84:56 | documen ... .search |
| tst.js:84:33:84:56 | documen ... .search |
| tst.js:85:32:85:48 | document.location |
| tst.js:85:32:85:48 | document.location |
| tst.js:85:32:85:55 | documen ... .search |
| tst.js:85:32:85:55 | documen ... .search |
| tst.js:90:39:90:55 | document.location |
| tst.js:90:39:90:55 | document.location |
| tst.js:85:32:85:55 | documen ... .search |
| tst.js:90:39:90:62 | documen ... .search |
| tst.js:90:39:90:62 | documen ... .search |
| tst.js:90:39:90:62 | documen ... .search |
| tst.js:96:30:96:46 | document.location |
| tst.js:96:30:96:46 | document.location |
| tst.js:96:30:96:53 | documen ... .search |
| tst.js:96:30:96:53 | documen ... .search |
| tst.js:102:25:102:41 | document.location |
| tst.js:102:25:102:41 | document.location |
| tst.js:96:30:96:53 | documen ... .search |
| tst.js:102:25:102:48 | documen ... .search |
| tst.js:102:25:102:48 | documen ... .search |
| tst.js:102:25:102:48 | documen ... .search |
| tst.js:107:7:107:44 | v |
| tst.js:107:11:107:27 | document.location |
| tst.js:107:11:107:27 | document.location |
| tst.js:107:11:107:34 | documen ... .search |
| tst.js:107:11:107:34 | documen ... .search |
| tst.js:107:11:107:44 | documen ... bstr(1) |
| tst.js:110:18:110:18 | v |
| tst.js:110:18:110:18 | v |
| tst.js:136:18:136:18 | v |
| tst.js:136:18:136:18 | v |
| tst.js:148:29:148:43 | window.location |
| tst.js:148:29:148:43 | window.location |
| tst.js:148:29:148:50 | window. ... .search |
| tst.js:148:29:148:50 | window. ... .search |
| tst.js:151:29:151:29 | v |
| tst.js:151:49:151:49 | v |
| tst.js:151:49:151:49 | v |
| tst.js:155:29:155:46 | xssSourceService() |
| tst.js:155:29:155:46 | xssSourceService() |
| tst.js:158:40:158:54 | window.location |
| tst.js:158:40:158:54 | window.location |
| tst.js:158:40:158:61 | window. ... .search |
| tst.js:158:40:158:61 | window. ... .search |
| tst.js:177:9:177:41 | target |
| tst.js:177:18:177:34 | document.location |
| tst.js:177:18:177:34 | document.location |
| tst.js:177:18:177:41 | documen ... .search |
| tst.js:177:18:177:41 | documen ... .search |
| tst.js:180:28:180:33 | target |
| tst.js:180:28:180:33 | target |
| tst.js:184:9:184:42 | tainted |
| tst.js:184:19:184:35 | document.location |
| tst.js:184:19:184:35 | document.location |
| tst.js:184:19:184:42 | documen ... .search |
| tst.js:184:19:184:42 | documen ... .search |
| tst.js:186:31:186:37 | tainted |
| tst.js:186:31:186:37 | tainted |
@@ -519,8 +477,7 @@ nodes
| tst.js:193:49:193:55 | tainted |
| tst.js:193:49:193:55 | tainted |
| tst.js:197:9:197:42 | tainted |
| tst.js:197:19:197:35 | document.location |
| tst.js:197:19:197:35 | document.location |
| tst.js:197:19:197:42 | documen ... .search |
| tst.js:197:19:197:42 | documen ... .search |
| tst.js:199:67:199:73 | tainted |
| tst.js:199:67:199:73 | tainted |
@@ -594,14 +551,12 @@ nodes
| tst.js:343:5:343:30 | getUrl( ... ring(1) |
| tst.js:343:5:343:30 | getUrl( ... ring(1) |
| tst.js:348:7:348:39 | target |
| tst.js:348:16:348:32 | document.location |
| tst.js:348:16:348:32 | document.location |
| tst.js:348:16:348:39 | documen ... .search |
| tst.js:348:16:348:39 | documen ... .search |
| tst.js:349:12:349:17 | target |
| tst.js:349:12:349:17 | target |
| tst.js:355:10:355:42 | target |
| tst.js:355:19:355:35 | document.location |
| tst.js:355:19:355:35 | document.location |
| tst.js:355:19:355:42 | documen ... .search |
| tst.js:355:19:355:42 | documen ... .search |
| tst.js:356:16:356:21 | target |
| tst.js:356:16:356:21 | target |
@@ -610,22 +565,19 @@ nodes
| tst.js:363:18:363:23 | target |
| tst.js:363:18:363:23 | target |
| tst.js:371:7:371:39 | target |
| tst.js:371:16:371:32 | document.location |
| tst.js:371:16:371:32 | document.location |
| tst.js:371:16:371:39 | documen ... .search |
| tst.js:371:16:371:39 | documen ... .search |
| tst.js:374:18:374:23 | target |
| tst.js:374:18:374:23 | target |
| tst.js:381:7:381:39 | target |
| tst.js:381:16:381:32 | document.location |
| tst.js:381:16:381:32 | document.location |
| tst.js:381:16:381:39 | documen ... .search |
| tst.js:381:16:381:39 | documen ... .search |
| tst.js:384:18:384:23 | target |
| tst.js:384:18:384:23 | target |
| tst.js:386:18:386:23 | target |
| tst.js:386:18:386:29 | target.taint |
| tst.js:386:18:386:29 | target.taint |
| tst.js:391:19:391:35 | document.location |
| tst.js:391:19:391:35 | document.location |
| tst.js:391:19:391:42 | documen ... .search |
| tst.js:391:19:391:42 | documen ... .search |
| tst.js:392:18:392:30 | target.taint3 |
| tst.js:392:18:392:30 | target.taint3 |
@@ -640,22 +592,19 @@ nodes
| tst.js:409:18:409:30 | target.taint8 |
| tst.js:409:18:409:30 | target.taint8 |
| tst.js:416:7:416:46 | payload |
| tst.js:416:17:416:31 | window.location |
| tst.js:416:17:416:31 | window.location |
| tst.js:416:17:416:36 | window.location.hash |
| tst.js:416:17:416:36 | window.location.hash |
| tst.js:416:17:416:46 | window. ... bstr(1) |
| tst.js:417:18:417:24 | payload |
| tst.js:417:18:417:24 | payload |
| tst.js:419:7:419:55 | match |
| tst.js:419:15:419:29 | window.location |
| tst.js:419:15:419:29 | window.location |
| tst.js:419:15:419:34 | window.location.hash |
| tst.js:419:15:419:34 | window.location.hash |
| tst.js:419:15:419:55 | window. ... (\\w+)/) |
| tst.js:421:20:421:24 | match |
| tst.js:421:20:421:27 | match[1] |
| tst.js:421:20:421:27 | match[1] |
| tst.js:424:18:424:32 | window.location |
| tst.js:424:18:424:32 | window.location |
| tst.js:424:18:424:37 | window.location.hash |
| tst.js:424:18:424:37 | window.location.hash |
| tst.js:424:18:424:48 | window. ... it('#') |
| tst.js:424:18:424:51 | window. ... '#')[1] |
@@ -672,8 +621,7 @@ nodes
| typeahead.js:10:16:10:18 | loc |
| typeahead.js:10:16:10:18 | loc |
| typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:38 | document.location |
| typeahead.js:20:22:20:38 | document.location |
| typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:21:12:21:17 | target |
| typeahead.js:24:30:24:32 | val |
@@ -725,8 +673,7 @@ nodes
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs |
| winjs.js:2:7:2:53 | tainted |
| winjs.js:2:17:2:33 | document.location |
| winjs.js:2:17:2:33 | document.location |
| winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:3:43:3:49 | tainted |
@@ -754,10 +701,7 @@ edges
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:66 | \\u0275getDOM ... ation() | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href |
| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo |
@@ -829,8 +773,7 @@ edges
| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint |
| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint |
| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint |
| dates.js:9:36:9:50 | window.location | dates.js:9:36:9:55 | window.location.hash |
| dates.js:9:36:9:50 | window.location | dates.js:9:36:9:55 | window.location.hash |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` |
@@ -855,8 +798,7 @@ edges
| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") |
| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
@@ -868,12 +810,12 @@ edges
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() |
| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" |
| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" |
| jquery.js:14:38:14:52 | window.location | jquery.js:14:38:14:57 | window.location.hash |
| jquery.js:14:38:14:52 | window.location | jquery.js:14:38:14:57 | window.location.hash |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:15:38:15:52 | window.location | jquery.js:15:38:15:59 | window. ... .search |
| jquery.js:15:38:15:52 | window.location | jquery.js:15:38:15:59 | window. ... .search |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() |
@@ -901,8 +843,7 @@ edges
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target |
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target |
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target |
| optionalSanitizer.js:2:16:2:32 | document.location | optionalSanitizer.js:2:16:2:39 | documen ... .search |
| optionalSanitizer.js:2:16:2:32 | document.location | optionalSanitizer.js:2:16:2:39 | documen ... .search |
| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target |
| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target |
| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted |
| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted |
@@ -914,8 +855,7 @@ edges
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target |
| optionalSanitizer.js:26:16:26:32 | document.location | optionalSanitizer.js:26:16:26:39 | documen ... .search |
| optionalSanitizer.js:26:16:26:32 | document.location | optionalSanitizer.js:26:16:26:39 | documen ... .search |
| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target |
| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target |
| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 |
| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 |
@@ -987,51 +927,48 @@ edges
| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' |
| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' |
| stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') |
| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href |
| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" |
| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location | string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:32 | document.location | string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location | string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:32 | document.location | string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location | string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:32 | document.location | string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
| translate.js:6:16:6:32 | document.location | translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:32 | document.location | translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
@@ -1042,8 +979,7 @@ edges
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data |
| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:56 | window.location | tst3.js:2:42:2:63 | window. ... .search |
| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) |
| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) |
| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src |
@@ -1060,13 +996,11 @@ edges
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
@@ -1081,30 +1015,32 @@ edges
| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') |
| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target |
| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target |
| tst.js:28:5:28:21 | document.location | tst.js:28:5:28:28 | documen ... .search |
| tst.js:28:5:28:21 | document.location | tst.js:28:5:28:28 | documen ... .search |
| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target |
| tst.js:31:10:31:26 | document.location | tst.js:31:10:31:33 | documen ... .search |
| tst.js:31:10:31:26 | document.location | tst.js:31:10:31:33 | documen ... .search |
| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target |
| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() |
| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() |
| tst.js:40:20:40:36 | document.location | tst.js:40:20:40:43 | documen ... .search |
| tst.js:40:20:40:36 | document.location | tst.js:40:20:40:43 | documen ... .search |
| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:46:21:46:37 | document.location | tst.js:46:21:46:44 | documen ... .search |
| tst.js:46:21:46:37 | document.location | tst.js:46:21:46:44 | documen ... .search |
| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) |
| tst.js:54:21:54:37 | document.location | tst.js:54:21:54:44 | documen ... .search |
| tst.js:54:21:54:37 | document.location | tst.js:54:21:54:44 | documen ... .search |
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:56:21:56:37 | document.location | tst.js:56:21:56:44 | documen ... .search |
| tst.js:56:21:56:37 | document.location | tst.js:56:21:56:44 | documen ... .search |
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) |
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) |
| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) |
@@ -1112,72 +1048,43 @@ edges
| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) |
| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s |
| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s |
| tst.js:64:25:64:41 | document.location | tst.js:64:25:64:48 | documen ... .search |
| tst.js:64:25:64:41 | document.location | tst.js:64:25:64:48 | documen ... .search |
| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s |
| tst.js:65:25:65:41 | document.location | tst.js:65:25:65:48 | documen ... .search |
| tst.js:65:25:65:41 | document.location | tst.js:65:25:65:48 | documen ... .search |
| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s |
| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s |
| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s |
| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x |
| tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
| tst.js:70:3:70:19 | document.location | tst.js:70:3:70:26 | documen ... .search |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x |
| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x |
| tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
| tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
| tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
| tst.js:77:49:77:65 | document.location | tst.js:77:49:77:72 | documen ... .search |
| tst.js:81:26:81:42 | document.location | tst.js:81:26:81:49 | documen ... .search |
| tst.js:81:26:81:42 | document.location | tst.js:81:26:81:49 | documen ... .search |
| tst.js:81:26:81:42 | document.location | tst.js:81:26:81:49 | documen ... .search |
| tst.js:81:26:81:42 | document.location | tst.js:81:26:81:49 | documen ... .search |
| tst.js:82:25:82:41 | document.location | tst.js:82:25:82:48 | documen ... .search |
| tst.js:82:25:82:41 | document.location | tst.js:82:25:82:48 | documen ... .search |
| tst.js:82:25:82:41 | document.location | tst.js:82:25:82:48 | documen ... .search |
| tst.js:82:25:82:41 | document.location | tst.js:82:25:82:48 | documen ... .search |
| tst.js:84:33:84:49 | document.location | tst.js:84:33:84:56 | documen ... .search |
| tst.js:84:33:84:49 | document.location | tst.js:84:33:84:56 | documen ... .search |
| tst.js:84:33:84:49 | document.location | tst.js:84:33:84:56 | documen ... .search |
| tst.js:84:33:84:49 | document.location | tst.js:84:33:84:56 | documen ... .search |
| tst.js:85:32:85:48 | document.location | tst.js:85:32:85:55 | documen ... .search |
| tst.js:85:32:85:48 | document.location | tst.js:85:32:85:55 | documen ... .search |
| tst.js:85:32:85:48 | document.location | tst.js:85:32:85:55 | documen ... .search |
| tst.js:85:32:85:48 | document.location | tst.js:85:32:85:55 | documen ... .search |
| tst.js:90:39:90:55 | document.location | tst.js:90:39:90:62 | documen ... .search |
| tst.js:90:39:90:55 | document.location | tst.js:90:39:90:62 | documen ... .search |
| tst.js:90:39:90:55 | document.location | tst.js:90:39:90:62 | documen ... .search |
| tst.js:90:39:90:55 | document.location | tst.js:90:39:90:62 | documen ... .search |
| tst.js:96:30:96:46 | document.location | tst.js:96:30:96:53 | documen ... .search |
| tst.js:96:30:96:46 | document.location | tst.js:96:30:96:53 | documen ... .search |
| tst.js:96:30:96:46 | document.location | tst.js:96:30:96:53 | documen ... .search |
| tst.js:96:30:96:46 | document.location | tst.js:96:30:96:53 | documen ... .search |
| tst.js:102:25:102:41 | document.location | tst.js:102:25:102:48 | documen ... .search |
| tst.js:102:25:102:41 | document.location | tst.js:102:25:102:48 | documen ... .search |
| tst.js:102:25:102:41 | document.location | tst.js:102:25:102:48 | documen ... .search |
| tst.js:102:25:102:41 | document.location | tst.js:102:25:102:48 | documen ... .search |
| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search |
| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search |
| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search |
| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search |
| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search |
| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search |
| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search |
| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search |
| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v |
| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v |
| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v |
| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v |
| tst.js:107:11:107:27 | document.location | tst.js:107:11:107:34 | documen ... .search |
| tst.js:107:11:107:27 | document.location | tst.js:107:11:107:34 | documen ... .search |
| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) |
| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) |
| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v |
| tst.js:148:29:148:43 | window.location | tst.js:148:29:148:50 | window. ... .search |
| tst.js:148:29:148:43 | window.location | tst.js:148:29:148:50 | window. ... .search |
| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v |
| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v |
| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v |
| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v |
| tst.js:158:40:158:54 | window.location | tst.js:158:40:158:61 | window. ... .search |
| tst.js:158:40:158:54 | window.location | tst.js:158:40:158:61 | window. ... .search |
| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() |
| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() |
| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() |
| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() |
| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target |
| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target |
| tst.js:177:18:177:34 | document.location | tst.js:177:18:177:41 | documen ... .search |
| tst.js:177:18:177:34 | document.location | tst.js:177:18:177:41 | documen ... .search |
| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target |
| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target |
| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted |
| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted |
@@ -1191,8 +1098,7 @@ edges
| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted |
| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted |
| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted |
| tst.js:184:19:184:35 | document.location | tst.js:184:19:184:42 | documen ... .search |
| tst.js:184:19:184:35 | document.location | tst.js:184:19:184:42 | documen ... .search |
| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted |
| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted |
| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted |
| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted |
@@ -1207,8 +1113,7 @@ edges
| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted |
| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted |
| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted |
| tst.js:197:19:197:35 | document.location | tst.js:197:19:197:42 | documen ... .search |
| tst.js:197:19:197:35 | document.location | tst.js:197:19:197:42 | documen ... .search |
| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted |
| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 |
@@ -1256,8 +1161,7 @@ edges
| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) |
| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target |
| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
| tst.js:348:16:348:32 | document.location | tst.js:348:16:348:39 | documen ... .search |
| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target |
| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target |
| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target |
@@ -1265,13 +1169,11 @@ edges
| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target |
| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target |
| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
| tst.js:355:19:355:35 | document.location | tst.js:355:19:355:42 | documen ... .search |
| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target |
| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target |
| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target |
| tst.js:371:16:371:32 | document.location | tst.js:371:16:371:39 | documen ... .search |
| tst.js:371:16:371:32 | document.location | tst.js:371:16:371:39 | documen ... .search |
| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target |
| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target |
| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target |
| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target |
@@ -1279,13 +1181,12 @@ edges
| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target |
| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target |
| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target |
| tst.js:381:16:381:32 | document.location | tst.js:381:16:381:39 | documen ... .search |
| tst.js:381:16:381:32 | document.location | tst.js:381:16:381:39 | documen ... .search |
| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target |
| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint |
| tst.js:391:19:391:35 | document.location | tst.js:391:19:391:42 | documen ... .search |
| tst.js:391:19:391:35 | document.location | tst.js:391:19:391:42 | documen ... .search |
| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 |
| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 |
| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 |
| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 |
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 |
@@ -1298,19 +1199,16 @@ edges
| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 |
| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload |
| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload |
| tst.js:416:17:416:31 | window.location | tst.js:416:17:416:36 | window.location.hash |
| tst.js:416:17:416:31 | window.location | tst.js:416:17:416:36 | window.location.hash |
| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) |
| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) |
| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload |
| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match |
| tst.js:419:15:419:29 | window.location | tst.js:419:15:419:34 | window.location.hash |
| tst.js:419:15:419:29 | window.location | tst.js:419:15:419:34 | window.location.hash |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) |
| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] |
| tst.js:424:18:424:32 | window.location | tst.js:424:18:424:37 | window.location.hash |
| tst.js:424:18:424:32 | window.location | tst.js:424:18:424:37 | window.location.hash |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] |
@@ -1325,8 +1223,7 @@ edges
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:38 | document.location | typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val |
| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val |
@@ -1377,8 +1274,7 @@ edges
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |
| winjs.js:2:17:2:33 | document.location | winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:33 | document.location | winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted |
| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json |

20
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected
View File

@@ -55,8 +55,7 @@ nodes
| exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:28:119:28 | e |
| exception-xss.js:125:45:125:61 | document.location |
| exception-xss.js:125:45:125:61 | document.location |
| exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:129:11:129:11 | e |
@@ -68,8 +67,7 @@ nodes
| exception-xss.js:138:19:138:23 | error |
| exception-xss.js:138:19:138:23 | error |
| exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:146:12:146:28 | document.location |
| exception-xss.js:146:12:146:28 | document.location |
| exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:148:33:148:35 | foo |
| exception-xss.js:148:55:148:55 | e |
@@ -142,8 +140,7 @@ edges
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:125:45:125:61 | document.location | exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:125:45:125:61 | document.location | exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
@@ -155,8 +152,7 @@ edges
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo |
| exception-xss.js:146:12:146:28 | document.location | exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:146:12:146:28 | document.location | exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
@@ -184,9 +180,9 @@ edges
| exception-xss.js:97:18:97:18 | e | exception-xss.js:2:12:2:28 | document.location | exception-xss.js:97:18:97:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:2:12:2:28 | document.location | Exception text |
| exception-xss.js:107:18:107:18 | e | exception-xss.js:2:12:2:28 | document.location | exception-xss.js:107:18:107:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:2:12:2:28 | document.location | Exception text |
| exception-xss.js:119:12:119:28 | "Exception: " + e | exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:119:12:119:28 | "Exception: " + e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:117:11:117:23 | req.params.id | Exception text |
| exception-xss.js:130:18:130:18 | e | exception-xss.js:125:45:125:61 | document.location | exception-xss.js:130:18:130:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:125:45:125:61 | document.location | Exception text |
| exception-xss.js:130:18:130:18 | e | exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:130:18:130:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:125:45:125:68 | documen ... .search | Exception text |
| exception-xss.js:138:19:138:23 | error | exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:138:19:138:23 | error | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:136:10:136:22 | req.params.id | Exception text |
| exception-xss.js:149:18:149:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:149:18:149:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
| exception-xss.js:155:18:155:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:155:18:155:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
| exception-xss.js:175:18:175:18 | e | exception-xss.js:146:12:146:28 | document.location | exception-xss.js:175:18:175:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:28 | document.location | Exception text |
| exception-xss.js:149:18:149:18 | e | exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:149:18:149:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:35 | documen ... .search | Exception text |
| exception-xss.js:155:18:155:18 | e | exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:155:18:155:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:35 | documen ... .search | Exception text |
| exception-xss.js:175:18:175:18 | e | exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:175:18:175:18 | e | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:146:12:146:35 | documen ... .search | Exception text |
| exception-xss.js:182:19:182:23 | error | exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:182:19:182:23 | error | $@ is reinterpreted as HTML without escaping meta-characters. | exception-xss.js:180:10:180:22 | req.params.id | Exception text |

168
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected
View File

@@ -46,14 +46,11 @@ nodes
| sanitizer.js:37:27:37:29 | url |
| sanitizer.js:37:27:37:29 | url |
| tst2.js:2:7:2:33 | href |
| tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href |
| tst2.js:4:21:4:24 | href |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst6.js:2:7:2:45 | redirect |
@@ -67,44 +64,34 @@ nodes
| tst6.js:8:21:8:48 | $locati ... irect') |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:28 | document.location |
| tst7.js:2:12:2:28 | document.location |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:43 | document.location |
| tst7.js:5:27:5:43 | document.location |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:37 | document.location |
| tst9.js:2:21:2:37 | document.location |
| tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:39 | document.location |
| tst10.js:5:23:5:39 | document.location |
| tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:40 | document.location |
| tst10.js:8:24:8:40 | document.location |
| tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:43 | document.location |
| tst10.js:11:27:11:43 | document.location |
| tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:49 | document.location |
| tst10.js:14:33:14:49 | document.location |
| tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:14:33:14:56 | documen ... .search |
| tst12.js:3:9:3:50 | urlParts |
| tst12.js:3:20:3:34 | window.location |
| tst12.js:3:20:3:34 | window.location |
| tst12.js:3:20:3:34 | window.location |
| tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:4:9:4:45 | loc |
@@ -114,8 +101,7 @@ nodes
| tst12.js:5:23:5:25 | loc |
| tst12.js:5:23:5:25 | loc |
| tst13.js:2:9:2:52 | payload |
| tst13.js:2:19:2:35 | document.location |
| tst13.js:2:19:2:35 | document.location |
| tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:4:15:4:21 | payload |
@@ -154,55 +140,50 @@ nodes
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:68 | documen ... on.href |
| tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:55 | documen ... on.href |
| tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:59:10:75 | document.location |
| tst.js:10:59:10:75 | document.location |
| tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:80 | documen ... on.href |
| tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:34:14:50 | document.location |
| tst.js:14:34:14:50 | document.location |
| tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:55 | documen ... on.href |
| tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:59:18:75 | document.location |
| tst.js:18:59:18:75 | document.location |
| tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:80 | documen ... on.href |
| tst.js:22:20:22:56 | indirec ... n.href) |
| tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:34:22:50 | document.location |
| tst.js:22:34:22:50 | document.location |
| tst.js:22:34:22:55 | documen ... on.href |
| typed.ts:3:15:3:72 | location |
| typed.ts:3:17:3:24 | location |
| typed.ts:3:17:3:24 | location |
| tst.js:22:34:22:55 | documen ... on.href |
| typed.ts:4:13:4:36 | params |
| typed.ts:4:22:4:29 | location |
| typed.ts:4:22:4:36 | location.search |
| typed.ts:4:22:4:36 | location.search |
| typed.ts:5:25:5:30 | params |
| typed.ts:7:24:7:34 | redirectUri |
| typed.ts:8:33:8:43 | redirectUri |
| typed.ts:8:33:8:43 | redirectUri |
| typed.ts:14:15:14:72 | location |
| typed.ts:14:17:14:24 | location |
| typed.ts:14:17:14:24 | location |
| typed.ts:17:18:17:25 | location |
| typed.ts:19:13:19:37 | secondLoc |
| typed.ts:19:25:19:37 | container.loc |
| typed.ts:21:33:21:41 | secondLoc |
| typed.ts:24:32:24:34 | loc |
| typed.ts:25:25:25:27 | loc |
| typed.ts:25:25:25:34 | loc.search |
| typed.ts:25:25:25:34 | loc.search |
| typed.ts:28:24:28:34 | redirectUri |
| typed.ts:29:33:29:43 | redirectUri |
@@ -251,17 +232,12 @@ edges
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url |
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
@@ -272,40 +248,30 @@ edges
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:42 | documen ... on.hash |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:37 | document.location |
| tst10.js:5:23:5:39 | document.location | tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:39 | document.location | tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:8:24:8:40 | document.location | tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:8:24:8:40 | document.location | tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:11:27:11:43 | document.location | tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:43 | document.location | tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:14:33:14:49 | document.location | tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:14:33:14:49 | document.location | tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts |
| tst12.js:3:20:3:34 | window.location | tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:34 | window.location | tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:34 | window.location | tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts |
| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc |
@@ -313,7 +279,6 @@ edges
| tst12.js:4:15:4:22 | urlParts | tst12.js:4:15:4:25 | urlParts[0] |
| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:15:4:45 | urlPart ... s.value |
| tst12.js:4:15:4:45 | urlPart ... s.value | tst12.js:4:9:4:45 | loc |
| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:34 | window.location |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload |
@@ -336,8 +301,7 @@ edges
| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload |
| tst13.js:2:19:2:35 | document.location | tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:35 | document.location | tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e |
@@ -353,49 +317,44 @@ edges
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href |
| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href |
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) |
| typed.ts:3:15:3:72 | location | typed.ts:4:22:4:29 | location |
| typed.ts:3:17:3:24 | location | typed.ts:3:15:3:72 | location |
| typed.ts:3:17:3:24 | location | typed.ts:3:15:3:72 | location |
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) |
| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params |
| typed.ts:4:22:4:29 | location | typed.ts:4:22:4:36 | location.search |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params |
| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri |
| typed.ts:14:15:14:72 | location | typed.ts:17:18:17:25 | location |
| typed.ts:14:17:14:24 | location | typed.ts:14:15:14:72 | location |
| typed.ts:14:17:14:24 | location | typed.ts:14:15:14:72 | location |
| typed.ts:17:18:17:25 | location | typed.ts:19:25:19:37 | container.loc |
| typed.ts:19:13:19:37 | secondLoc | typed.ts:21:33:21:41 | secondLoc |
| typed.ts:19:25:19:37 | container.loc | typed.ts:19:13:19:37 | secondLoc |
| typed.ts:21:33:21:41 | secondLoc | typed.ts:24:32:24:34 | loc |
| typed.ts:24:32:24:34 | loc | typed.ts:25:25:25:27 | loc |
| typed.ts:25:25:25:27 | loc | typed.ts:25:25:25:34 | loc.search |
| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri |
| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
@@ -415,35 +374,42 @@ edges
| sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection due to $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection due to $@. | tst2.js:2:14:2:28 | window.location | user-provided value |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection due to $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value |
| tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection due to $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
| tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection due to $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
| tst6.js:8:21:8:56 | $locati ... + "foo" | tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | Untrusted URL redirection due to $@. | tst6.js:8:21:8:48 | $locati ... irect') | user-provided value |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:28 | document.location | tst7.js:2:12:2:35 | documen ... .search | Untrusted URL redirection due to $@. | tst7.js:2:12:2:28 | document.location | user-provided value |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:43 | document.location | tst7.js:5:27:5:50 | documen ... .search | Untrusted URL redirection due to $@. | tst7.js:5:27:5:43 | document.location | user-provided value |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:37 | document.location | tst9.js:2:21:2:55 | documen ... ring(1) | Untrusted URL redirection due to $@. | tst9.js:2:21:2:37 | document.location | user-provided value |
| tst10.js:5:17:5:46 | '/' + d ... .search | tst10.js:5:23:5:39 | document.location | tst10.js:5:17:5:46 | '/' + d ... .search | Untrusted URL redirection due to $@. | tst10.js:5:23:5:39 | document.location | user-provided value |
| tst10.js:8:17:8:47 | '//' + ... .search | tst10.js:8:24:8:40 | document.location | tst10.js:8:17:8:47 | '//' + ... .search | Untrusted URL redirection due to $@. | tst10.js:8:24:8:40 | document.location | user-provided value |
| tst10.js:11:17:11:50 | '//foo' ... .search | tst10.js:11:27:11:43 | document.location | tst10.js:11:17:11:50 | '//foo' ... .search | Untrusted URL redirection due to $@. | tst10.js:11:27:11:43 | document.location | user-provided value |
| tst10.js:14:17:14:56 | 'https: ... .search | tst10.js:14:33:14:49 | document.location | tst10.js:14:17:14:56 | 'https: ... .search | Untrusted URL redirection due to $@. | tst10.js:14:33:14:49 | document.location | user-provided value |
| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:34 | window.location | tst12.js:5:23:5:25 | loc | Untrusted URL redirection due to $@. | tst12.js:3:20:3:34 | window.location | user-provided value |
| tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:4:15:4:21 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:8:21:8:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:12:14:12:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:16:17:16:23 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:16:17:16:23 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:20:14:20:20 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:20:14:20:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:24:14:24:20 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:24:14:24:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:28:21:28:27 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:28:21:28:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:32:17:32:23 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:32:17:32:23 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:36:21:36:27 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:36:21:36:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:40:15:40:21 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:40:15:40:21 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst13.js:44:14:44:20 | payload | tst13.js:2:19:2:35 | document.location | tst13.js:44:14:44:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:35 | document.location | user-provided value |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | Untrusted URL redirection due to $@. | tst7.js:2:12:2:35 | documen ... .search | user-provided value |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | Untrusted URL redirection due to $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | Untrusted URL redirection due to $@. | tst9.js:2:21:2:42 | documen ... on.hash | user-provided value |
| tst10.js:5:17:5:46 | '/' + d ... .search | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | Untrusted URL redirection due to $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value |
| tst10.js:8:17:8:47 | '//' + ... .search | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | Untrusted URL redirection due to $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value |
| tst10.js:11:17:11:50 | '//foo' ... .search | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | Untrusted URL redirection due to $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value |
| tst10.js:14:17:14:56 | 'https: ... .search | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | Untrusted URL redirection due to $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value |
| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:39 | window.location.hash | tst12.js:5:23:5:25 | loc | Untrusted URL redirection due to $@. | tst12.js:3:20:3:39 | window.location.hash | user-provided value |
| tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:4:15:4:21 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:8:21:8:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:12:14:12:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:16:17:16:23 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:16:17:16:23 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:20:14:20:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:20:14:20:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:24:14:24:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:24:14:24:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:28:21:28:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:28:21:28:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:32:17:32:23 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:32:17:32:23 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:36:21:36:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:36:21:36:27 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:40:15:40:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:40:15:40:21 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:44:14:44:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:44:14:44:20 | payload | Untrusted URL redirection due to $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:50:23:50:23 | e | tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | Untrusted URL redirection due to $@. | tst13.js:49:32:49:32 | e | user-provided value |
| tst13.js:53:28:53:28 | e | tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | Untrusted URL redirection due to $@. | tst13.js:52:34:52:34 | e | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:2:47:2:63 | document.location | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value |
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:6:34:6:50 | document.location | user-provided value |
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value |
| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:75 | document.location | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:10:59:10:75 | document.location | user-provided value |
| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value |
| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:50 | document.location | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:14:34:14:50 | document.location | user-provided value |
| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value |
| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:75 | document.location | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:18:59:18:75 | document.location | user-provided value |
| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value |
| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:50 | document.location | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:22:34:22:50 | document.location | user-provided value |
| typed.ts:8:33:8:43 | redirectUri | typed.ts:3:17:3:24 | location | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection due to $@. | typed.ts:3:17:3:24 | location | user-provided value |
| typed.ts:29:33:29:43 | redirectUri | typed.ts:14:17:14:24 | location | typed.ts:29:33:29:43 | redirectUri | Untrusted URL redirection due to $@. | typed.ts:14:17:14:24 | location | user-provided value |
| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection due to $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value |
| typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection due to $@. | typed.ts:4:22:4:36 | location.search | user-provided value |
| typed.ts:29:33:29:43 | redirectUri | typed.ts:25:25:25:34 | loc.search | typed.ts:29:33:29:43 | redirectUri | Untrusted URL redirection due to $@. | typed.ts:25:25:25:34 | loc.search | user-provided value |

10
javascript/ql/test/query-tests/Security/CWE-918/clientSideParam.js Normal file
View File

@@ -0,0 +1,10 @@
import * as React from "react";
import { useParams } from "react-router-dom";
import request from 'request';
export function MyComponent() {
const params = useParams();
request('https://example.com/api/' + params.foo + '/id'); // OK - cannot manipulate path using `../`
request(params.foo); // Possibly problematic, but not currently flagged.
}