Merge pull request #10845 from github/henrymercer/remove-worsening-queries

ATM: Remove worsening-based queries
2026-05-02 12:15:17 +02:00 · 2022-10-19 10:05:53 +01:00
parent e9e2e90a92 c0ac7ad7db
commit 3afb9c1b3b
17 changed files with 0 additions and 50843 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjection.ql
@@ -1,25 +0,0 @@
-/**
- * NosqlInjection.ql
- *
- * Version of the standard NoSQL injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import javascript
-import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
-import EndToEndEvaluation as EndToEndEvaluation
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource
-where
-  cfg instanceof NosqlInjection::Configuration and
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource)
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATM.ql
@@ -1,28 +0,0 @@
-/**
- * NosqlInjectionATM.ql
- *
- * Version of the boosted NoSQL injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.NosqlInjectionATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  getScoreForFlow(source, sink) = score
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/NosqlInjectionATMLite.ql
@@ -1,29 +0,0 @@
-/**
- * NosqlInjectionATMLite.ql
- *
- * Arbitrarily ranked version of the boosted NoSQL injection query with an output relation ready to
- * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint
- * filters, and (b) as a baseline to compare the model against.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.NosqlInjectionATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  score = 0
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjection.ql
@@ -1,25 +0,0 @@
-/**
- * SqlInjection.ql
- *
- * Version of the standard SQL injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import javascript
-import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
-import EndToEndEvaluation as EndToEndEvaluation
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource
-where
-  cfg instanceof SqlInjection::Configuration and
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource)
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATM.ql
@@ -1,28 +0,0 @@
-/**
- * SqlInjectionATM.ql
- *
- * Version of the boosted SQL injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.SqlInjectionATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  getScoreForFlow(source, sink) = score
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/SqlInjectionATMLite.ql
@@ -1,29 +0,0 @@
-/**
- * SqlInjectionATMLite.ql
- *
- * Arbitrarily ranked version of the boosted SQL injection query with an output relation ready to
- * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint
- * filters, and (b) as a baseline to compare the model against.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.SqlInjectionATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  score = 0
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPath.ql
@@ -1,25 +0,0 @@
-/**
- * TaintedPath.ql
- *
- * Version of the standard path injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import javascript
-import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath
-import EndToEndEvaluation as EndToEndEvaluation
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource
-where
-  cfg instanceof TaintedPath::Configuration and
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource)
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATM.ql
@@ -1,28 +0,0 @@
-/**
- * TaintedPathATM.ql
- *
- * Version of the boosted path injection query with an output relation ready to plug into the
- * evaluation pipeline.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.TaintedPathATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  getScoreForFlow(source, sink) = score
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/TaintedPathATMLite.ql
@@ -1,29 +0,0 @@
-/**
- * TaintedPathATMLite.ql
- *
- * Arbitrarily ranked version of the boosted path injection query with an output relation ready to
- * plug into the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint
- * filters, and (b) as a baseline to compare the model against.
- */
-
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.TaintedPathATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  score = 0
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/Xss.ql
@@ -1,25 +0,0 @@
-/**
- * Xss.ql
- *
- * Version of the standard XSS query with an output relation ready to plug into the evaluation
- * pipeline.
- */
-
-import javascript
-import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
-import EndToEndEvaluation as EndToEndEvaluation
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource
-where
-  cfg instanceof DomBasedXss::Configuration and
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource)
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATM.ql
@@ -1,29 +0,0 @@
-/**
- * XssATM.ql
- *
- * Version of the boosted XSS query with an output relation ready to plug into the evaluation
- * pipeline.
- */
-
-import javascript
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.XssATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  getScoreForFlow(source, sink) = score
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/evaluation/XssATMLite.ql
@@ -1,30 +0,0 @@
-/**
- * XssATMLite.ql
- *
- * Arbitrarily ranked version of the boosted XSS query with an output relation ready to plug into
- * the evaluation pipeline. This is useful (a) for evaluating the performance of endpoint filters,
- * and (b) as a baseline to compare the model against.
- */
-
-import javascript
-import ATM::ResultsInfo
-import EndToEndEvaluation as EndToEndEvaluation
-import experimental.adaptivethreatmodeling.XssATM
-
-from
-  DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink, string filePathSink,
-  int startLineSink, int endLineSink, int startColumnSink, int endColumnSink, string filePathSource,
-  int startLineSource, int endLineSource, int startColumnSource, int endColumnSource, float score
-where
-  cfg.hasFlow(source, sink) and
-  not EndToEndEvaluation::isFlowExcluded(source, sink) and
-  not isFlowLikelyInBaseQuery(source, sink) and
-  sink.hasLocationInfo(filePathSink, startLineSink, startColumnSink, endLineSink, endColumnSink) and
-  source
-      .hasLocationInfo(filePathSource, startLineSource, startColumnSource, endLineSource,
-        endColumnSource) and
-  score = 0
-select source, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-  sink, startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink, score order by
-    score desc, startLineSource, startColumnSource, endLineSource, endColumnSource, filePathSource,
-    startLineSink, startColumnSink, endLineSink, endColumnSink, filePathSink
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataEvaluation.ql
@@ -1,25 +0,0 @@
-/*
- * For internal use only.
- *
- * Extracts evaluation data we can use to evaluate ML models for ML-powered queries.
- */
-
-import javascript
-import ExtractEndpointData as ExtractEndpointData
-
-query predicate endpoints(
-  DataFlow::Node endpoint, string queryName, string key, string value, string valueType
-) {
-  ExtractEndpointData::endpoints(endpoint, queryName, key, value, valueType) and
-  // only select endpoints that are either Sink, NotASink or Unknown
-  ExtractEndpointData::endpoints(endpoint, queryName, "sinkLabel", ["Sink", "NotASink", "Unknown"],
-    "string") and
-  // do not select endpoints filtered out by end-to-end evaluation
-  ExtractEndpointData::endpoints(endpoint, queryName, "isExcludedFromEndToEndEvaluation", "false",
-    "boolean")
-}
-
-query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, string featureValue) {
-  endpoints(endpoint, _, _, _, _) and
-  ExtractEndpointData::tokenFeatures(endpoint, featureName, featureValue)
-}
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.expected
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataEvaluation.qlref
@@ -1 +0,0 @@
-extraction/ExtractEndpointDataEvaluation.ql
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected
@@ -1,530 +0,0 @@
-endpoints
-| index.js:1:25:1:33 | "express" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:1:25:1:33 | "express" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:1:25:1:33 | "express" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:1:25:1:33 | "express" | TaintedPath | sinkLabel | Sink | string |
-| index.js:2:26:2:35 | 'mongoose' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:2:26:2:35 | 'mongoose' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:2:26:2:35 | 'mongoose' | TaintedPath | sinkLabel | Sink | string |
-| index.js:3:29:3:34 | 'User' | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:3:29:3:34 | 'User' | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:3:29:3:34 | 'User' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:29:3:34 | 'User' | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:3:29:3:34 | 'User' | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:3:29:3:34 | 'User' | SqlInjection | isConstantExpression | true | boolean |
-| index.js:3:29:3:34 | 'User' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:29:3:34 | 'User' | SqlInjection | sinkLabel | Unknown | string |
-| index.js:3:29:3:34 | 'User' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:3:29:3:34 | 'User' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:3:29:3:34 | 'User' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:29:3:34 | 'User' | TaintedPath | sinkLabel | Unknown | string |
-| index.js:3:29:3:34 | 'User' | Xss | hasFlowFromSource | false | boolean |
-| index.js:3:29:3:34 | 'User' | Xss | isConstantExpression | true | boolean |
-| index.js:3:29:3:34 | 'User' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:29:3:34 | 'User' | Xss | sinkLabel | Unknown | string |
-| index.js:3:37:3:40 | null | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:3:37:3:40 | null | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:3:37:3:40 | null | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:37:3:40 | null | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:3:37:3:40 | null | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:3:37:3:40 | null | SqlInjection | isConstantExpression | true | boolean |
-| index.js:3:37:3:40 | null | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:37:3:40 | null | SqlInjection | sinkLabel | Unknown | string |
-| index.js:3:37:3:40 | null | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:3:37:3:40 | null | TaintedPath | isConstantExpression | true | boolean |
-| index.js:3:37:3:40 | null | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:37:3:40 | null | TaintedPath | sinkLabel | Unknown | string |
-| index.js:3:37:3:40 | null | Xss | hasFlowFromSource | false | boolean |
-| index.js:3:37:3:40 | null | Xss | isConstantExpression | true | boolean |
-| index.js:3:37:3:40 | null | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:3:37:3:40 | null | Xss | sinkLabel | Unknown | string |
-| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string |
-| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string |
-| index.js:8:12:8:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:12:8:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | Xss | hasFlowFromSource | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | Xss | isConstantExpression | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | Xss | sinkLabel | Unknown | string |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | hasFlowFromSource | true | boolean |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | NosqlInjection | sinkLabel | Sink | string |
-| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | SqlInjection | sinkLabel | Unknown | string |
-| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | TaintedPath | sinkLabel | Unknown | string |
-| index.js:9:28:9:43 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | Xss | isConstantExpression | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:9:28:9:43 | req.body.isAdmin | Xss | sinkLabel | Unknown | string |
-| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isConstantExpression | true | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | SqlInjection | sinkLabel | Unknown | string |
-| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isConstantExpression | true | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | TaintedPath | sinkLabel | Unknown | string |
-| index.js:14:12:14:21 | '/isAdmin' | Xss | hasFlowFromSource | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | Xss | isConstantExpression | true | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:12:14:21 | '/isAdmin' | Xss | sinkLabel | Unknown | string |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | NosqlInjection | sinkLabel | Unknown | string |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | SqlInjection | sinkLabel | Unknown | string |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | TaintedPath | sinkLabel | Unknown | string |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | Xss | hasFlowFromSource | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | Xss | isConstantExpression | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | Xss | sinkLabel | Unknown | string |
-| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | hasFlowFromSource | true | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:15:17:15:32 | req.body.isAdmin | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | hasFlowFromSource | true | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isConstantExpression | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:15:17:15:32 | req.body.isAdmin | SqlInjection | sinkLabel | NotASink | string |
-| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | hasFlowFromSource | true | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isConstantExpression | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:15:17:15:32 | req.body.isAdmin | TaintedPath | sinkLabel | NotASink | string |
-| index.js:15:17:15:32 | req.body.isAdmin | Xss | hasFlowFromSource | true | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | Xss | isConstantExpression | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string |
-| index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string |
-| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | sinkLabel | Sink | string |
-| index.js:20:26:20:29 | true | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:20:26:20:29 | true | SqlInjection | isConstantExpression | true | boolean |
-| index.js:20:26:20:29 | true | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:20:26:20:29 | true | SqlInjection | sinkLabel | Unknown | string |
-| index.js:20:26:20:29 | true | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:20:26:20:29 | true | TaintedPath | isConstantExpression | true | boolean |
-| index.js:20:26:20:29 | true | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:20:26:20:29 | true | TaintedPath | sinkLabel | Unknown | string |
-| index.js:20:26:20:29 | true | Xss | hasFlowFromSource | false | boolean |
-| index.js:20:26:20:29 | true | Xss | isConstantExpression | true | boolean |
-| index.js:20:26:20:29 | true | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:20:26:20:29 | true | Xss | sinkLabel | Unknown | string |
-| index.js:24:13:24:22 | "constant" | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:24:13:24:22 | "constant" | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:24:13:24:22 | "constant" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:24:13:24:22 | "constant" | NosqlInjection | sinkLabel | Sink | string |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string |
-| index.js:32:15:32:24 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:32:15:32:24 | "someData" | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:32:15:32:24 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:32:15:32:24 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:32:15:32:24 | "someData" | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:32:15:32:24 | "someData" | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:32:15:32:24 | "someData" | SqlInjection | isConstantExpression | true | boolean |
-| index.js:32:15:32:24 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:32:15:32:24 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:32:15:32:24 | "someData" | SqlInjection | sinkLabel | NotASink | string |
-| index.js:32:15:32:24 | "someData" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:32:15:32:24 | "someData" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:32:15:32:24 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:32:15:32:24 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:32:15:32:24 | "someData" | TaintedPath | sinkLabel | NotASink | string |
-| index.js:32:15:32:24 | "someData" | Xss | hasFlowFromSource | false | boolean |
-| index.js:32:15:32:24 | "someData" | Xss | isConstantExpression | true | boolean |
-| index.js:32:15:32:24 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:32:15:32:24 | "someData" | Xss | notASinkReason | LoggerMethod | string |
-| index.js:32:15:32:24 | "someData" | Xss | sinkLabel | NotASink | string |
-| index.js:36:20:36:22 | "a" | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:36:20:36:22 | "a" | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:36:20:36:22 | "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | ConstantReceiver | string |
-| index.js:36:20:36:22 | "a" | NosqlInjection | notASinkReason | StringStartsWith | string |
-| index.js:36:20:36:22 | "a" | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:36:20:36:22 | "a" | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:36:20:36:22 | "a" | SqlInjection | isConstantExpression | true | boolean |
-| index.js:36:20:36:22 | "a" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | ConstantReceiver | string |
-| index.js:36:20:36:22 | "a" | SqlInjection | notASinkReason | StringStartsWith | string |
-| index.js:36:20:36:22 | "a" | SqlInjection | sinkLabel | NotASink | string |
-| index.js:36:20:36:22 | "a" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:36:20:36:22 | "a" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:36:20:36:22 | "a" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | ConstantReceiver | string |
-| index.js:36:20:36:22 | "a" | TaintedPath | notASinkReason | StringStartsWith | string |
-| index.js:36:20:36:22 | "a" | TaintedPath | sinkLabel | NotASink | string |
-| index.js:36:20:36:22 | "a" | Xss | hasFlowFromSource | false | boolean |
-| index.js:36:20:36:22 | "a" | Xss | isConstantExpression | true | boolean |
-| index.js:36:20:36:22 | "a" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:36:20:36:22 | "a" | Xss | notASinkReason | ConstantReceiver | string |
-| index.js:36:20:36:22 | "a" | Xss | notASinkReason | StringStartsWith | string |
-| index.js:36:20:36:22 | "a" | Xss | sinkLabel | NotASink | string |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | NosqlInjection | sinkLabel | Sink | string |
-| index.js:78:30:78:39 | "someData" | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:78:30:78:39 | "someData" | NosqlInjection | isConstantExpression | true | boolean |
-| index.js:78:30:78:39 | "someData" | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:78:30:78:39 | "someData" | NosqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:78:30:78:39 | "someData" | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:78:30:78:39 | "someData" | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:78:30:78:39 | "someData" | SqlInjection | isConstantExpression | true | boolean |
-| index.js:78:30:78:39 | "someData" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:78:30:78:39 | "someData" | SqlInjection | notASinkReason | LoggerMethod | string |
-| index.js:78:30:78:39 | "someData" | SqlInjection | sinkLabel | NotASink | string |
-| index.js:78:30:78:39 | "someData" | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:78:30:78:39 | "someData" | TaintedPath | isConstantExpression | true | boolean |
-| index.js:78:30:78:39 | "someData" | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:78:30:78:39 | "someData" | TaintedPath | notASinkReason | LoggerMethod | string |
-| index.js:78:30:78:39 | "someData" | TaintedPath | sinkLabel | NotASink | string |
-| index.js:78:30:78:39 | "someData" | Xss | hasFlowFromSource | false | boolean |
-| index.js:78:30:78:39 | "someData" | Xss | isConstantExpression | true | boolean |
-| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
-| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | notASinkReason | JQueryArgument | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isConstantExpression | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | notASinkReason | JQueryArgument | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | SqlInjection | sinkLabel | NotASink | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isConstantExpression | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | notASinkReason | JQueryArgument | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | TaintedPath | sinkLabel | NotASink | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | hasFlowFromSource | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isConstantExpression | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
-| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
-| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
-| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
-| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
-| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
-| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
-| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
-| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
-| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
-| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
-| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
-| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
-| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
-| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
-| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
-| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
-| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
-tokenFeatures
-| index.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
-| index.js:1:25:1:33 | "express" | InputAccessPathFromCallee |  |
-| index.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
-| index.js:1:25:1:33 | "express" | assignedToPropName |  |
-| index.js:1:25:1:33 | "express" | calleeImports |  |
-| index.js:1:25:1:33 | "express" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:1:25:1:33 | "express" | contextSurroundingFunctionParameters |  |
-| index.js:1:25:1:33 | "express" | enclosingFunctionBody |  |
-| index.js:1:25:1:33 | "express" | enclosingFunctionName |  |
-| index.js:1:25:1:33 | "express" | fileImports | express mongoose |
-| index.js:1:25:1:33 | "express" | receiverName |  |
-| index.js:1:25:1:33 | "express" | stringConcatenatedWith |  |
-| index.js:2:26:2:35 | 'mongoose' | CalleeFlexibleAccessPath | require |
-| index.js:2:26:2:35 | 'mongoose' | InputAccessPathFromCallee |  |
-| index.js:2:26:2:35 | 'mongoose' | InputArgumentIndex | 0 |
-| index.js:2:26:2:35 | 'mongoose' | assignedToPropName |  |
-| index.js:2:26:2:35 | 'mongoose' | calleeImports |  |
-| index.js:2:26:2:35 | 'mongoose' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:2:26:2:35 | 'mongoose' | contextSurroundingFunctionParameters |  |
-| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionBody |  |
-| index.js:2:26:2:35 | 'mongoose' | enclosingFunctionName |  |
-| index.js:2:26:2:35 | 'mongoose' | fileImports | express mongoose |
-| index.js:2:26:2:35 | 'mongoose' | receiverName |  |
-| index.js:2:26:2:35 | 'mongoose' | stringConcatenatedWith |  |
-| index.js:3:29:3:34 | 'User' | CalleeFlexibleAccessPath | mongoose.model |
-| index.js:3:29:3:34 | 'User' | InputAccessPathFromCallee |  |
-| index.js:3:29:3:34 | 'User' | InputArgumentIndex | 0 |
-| index.js:3:29:3:34 | 'User' | assignedToPropName |  |
-| index.js:3:29:3:34 | 'User' | calleeImports | mongoose |
-| index.js:3:29:3:34 | 'User' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:3:29:3:34 | 'User' | contextSurroundingFunctionParameters |  |
-| index.js:3:29:3:34 | 'User' | enclosingFunctionBody |  |
-| index.js:3:29:3:34 | 'User' | enclosingFunctionName |  |
-| index.js:3:29:3:34 | 'User' | fileImports | express mongoose |
-| index.js:3:29:3:34 | 'User' | receiverName | mongoose |
-| index.js:3:29:3:34 | 'User' | stringConcatenatedWith |  |
-| index.js:3:37:3:40 | null | CalleeFlexibleAccessPath | mongoose.model |
-| index.js:3:37:3:40 | null | InputAccessPathFromCallee |  |
-| index.js:3:37:3:40 | null | InputArgumentIndex | 1 |
-| index.js:3:37:3:40 | null | assignedToPropName |  |
-| index.js:3:37:3:40 | null | calleeImports | mongoose |
-| index.js:3:37:3:40 | null | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:3:37:3:40 | null | contextSurroundingFunctionParameters |  |
-| index.js:3:37:3:40 | null | enclosingFunctionBody |  |
-| index.js:3:37:3:40 | null | enclosingFunctionName |  |
-| index.js:3:37:3:40 | null | fileImports | express mongoose |
-| index.js:3:37:3:40 | null | receiverName | mongoose |
-| index.js:3:37:3:40 | null | stringConcatenatedWith |  |
-| index.js:8:12:8:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
-| index.js:8:12:8:21 | '/isAdmin' | InputAccessPathFromCallee |  |
-| index.js:8:12:8:21 | '/isAdmin' | InputArgumentIndex | 0 |
-| index.js:8:12:8:21 | '/isAdmin' | assignedToPropName |  |
-| index.js:8:12:8:21 | '/isAdmin' | calleeImports | express |
-| index.js:8:12:8:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:8:12:8:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
-| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
-| index.js:8:12:8:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToSink |
-| index.js:8:12:8:21 | '/isAdmin' | fileImports | express mongoose |
-| index.js:8:12:8:21 | '/isAdmin' | receiverName | app |
-| index.js:8:12:8:21 | '/isAdmin' | stringConcatenatedWith |  |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | CalleeFlexibleAccessPath | app.post |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | InputAccessPathFromCallee |  |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | InputArgumentIndex | 1 |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | assignedToPropName |  |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | calleeImports | express |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | enclosingFunctionName | flowFromSourceToSink |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | fileImports | express mongoose |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | receiverName | app |
-| index.js:8:24:10:3 | (req, r ... });\\n  } | stringConcatenatedWith |  |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | InputArgumentIndex | 0 |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | assignedToPropName |  |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeImports | mongoose |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | contextSurroundingFunctionParameters | ()\n(req, res) |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | enclosingFunctionName | flowFromSourceToSink |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | fileImports | express mongoose |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | receiverName | User |
-| index.js:9:15:9:45 | { 'isAd ... Admin } | stringConcatenatedWith |  |
-| index.js:9:28:9:43 | req.body.isAdmin | CalleeFlexibleAccessPath | User.find |
-| index.js:9:28:9:43 | req.body.isAdmin | InputAccessPathFromCallee | 0.isAdmin |
-| index.js:9:28:9:43 | req.body.isAdmin | InputArgumentIndex | 0 |
-| index.js:9:28:9:43 | req.body.isAdmin | assignedToPropName | isAdmin |
-| index.js:9:28:9:43 | req.body.isAdmin | calleeImports | mongoose |
-| index.js:9:28:9:43 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:9:28:9:43 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
-| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res User find isAdmin req body isAdmin |
-| index.js:9:28:9:43 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToSink |
-| index.js:9:28:9:43 | req.body.isAdmin | fileImports | express mongoose |
-| index.js:9:28:9:43 | req.body.isAdmin | receiverName |  |
-| index.js:9:28:9:43 | req.body.isAdmin | stringConcatenatedWith |  |
-| index.js:14:12:14:21 | '/isAdmin' | CalleeFlexibleAccessPath | app.post |
-| index.js:14:12:14:21 | '/isAdmin' | InputAccessPathFromCallee |  |
-| index.js:14:12:14:21 | '/isAdmin' | InputArgumentIndex | 0 |
-| index.js:14:12:14:21 | '/isAdmin' | assignedToPropName |  |
-| index.js:14:12:14:21 | '/isAdmin' | calleeImports | express |
-| index.js:14:12:14:21 | '/isAdmin' | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:14:12:14:21 | '/isAdmin' | contextSurroundingFunctionParameters | () |
-| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
-| index.js:14:12:14:21 | '/isAdmin' | enclosingFunctionName | flowFromSourceToNotASink |
-| index.js:14:12:14:21 | '/isAdmin' | fileImports | express mongoose |
-| index.js:14:12:14:21 | '/isAdmin' | receiverName | app |
-| index.js:14:12:14:21 | '/isAdmin' | stringConcatenatedWith |  |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | CalleeFlexibleAccessPath | app.post |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputAccessPathFromCallee |  |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | InputArgumentIndex | 1 |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | assignedToPropName |  |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | calleeImports | express |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | contextSurroundingFunctionParameters | ()\n(req, res) |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | enclosingFunctionName | flowFromSourceToNotASink |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | fileImports | express mongoose |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | receiverName | app |
-| index.js:14:24:16:3 | (req, r ... n);\\n  } | stringConcatenatedWith |  |
-| index.js:15:17:15:32 | req.body.isAdmin | CalleeFlexibleAccessPath | console.log |
-| index.js:15:17:15:32 | req.body.isAdmin | InputAccessPathFromCallee |  |
-| index.js:15:17:15:32 | req.body.isAdmin | InputArgumentIndex | 0 |
-| index.js:15:17:15:32 | req.body.isAdmin | assignedToPropName |  |
-| index.js:15:17:15:32 | req.body.isAdmin | calleeImports |  |
-| index.js:15:17:15:32 | req.body.isAdmin | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:15:17:15:32 | req.body.isAdmin | contextSurroundingFunctionParameters | ()\n(req, res) |
-| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionBody | app post /isAdmin req res console log req body isAdmin |
-| index.js:15:17:15:32 | req.body.isAdmin | enclosingFunctionName | flowFromSourceToNotASink |
-| index.js:15:17:15:32 | req.body.isAdmin | fileImports | express mongoose |
-| index.js:15:17:15:32 | req.body.isAdmin | receiverName | console |
-| index.js:15:17:15:32 | req.body.isAdmin | stringConcatenatedWith |  |
-| index.js:20:13:20:31 | { 'isAdmin': true } | CalleeFlexibleAccessPath | User.find |
-| index.js:20:13:20:31 | { 'isAdmin': true } | InputAccessPathFromCallee |  |
-| index.js:20:13:20:31 | { 'isAdmin': true } | InputArgumentIndex | 0 |
-| index.js:20:13:20:31 | { 'isAdmin': true } | assignedToPropName |  |
-| index.js:20:13:20:31 | { 'isAdmin': true } | calleeImports | mongoose |
-| index.js:20:13:20:31 | { 'isAdmin': true } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:20:13:20:31 | { 'isAdmin': true } | contextSurroundingFunctionParameters | () |
-| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionBody | User find isAdmin true |
-| index.js:20:13:20:31 | { 'isAdmin': true } | enclosingFunctionName | notFlowFromSource |
-| index.js:20:13:20:31 | { 'isAdmin': true } | fileImports | express mongoose |
-| index.js:20:13:20:31 | { 'isAdmin': true } | receiverName | User |
-| index.js:20:13:20:31 | { 'isAdmin': true } | stringConcatenatedWith |  |
-| index.js:20:26:20:29 | true | CalleeFlexibleAccessPath | User.find |
-| index.js:20:26:20:29 | true | InputAccessPathFromCallee | 0.isAdmin |
-| index.js:20:26:20:29 | true | InputArgumentIndex | 0 |
-| index.js:20:26:20:29 | true | assignedToPropName | isAdmin |
-| index.js:20:26:20:29 | true | calleeImports | mongoose |
-| index.js:20:26:20:29 | true | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:20:26:20:29 | true | contextSurroundingFunctionParameters | () |
-| index.js:20:26:20:29 | true | enclosingFunctionBody | User find isAdmin true |
-| index.js:20:26:20:29 | true | enclosingFunctionName | notFlowFromSource |
-| index.js:20:26:20:29 | true | fileImports | express mongoose |
-| index.js:20:26:20:29 | true | receiverName |  |
-| index.js:20:26:20:29 | true | stringConcatenatedWith |  |
-| index.js:24:13:24:22 | "constant" | CalleeFlexibleAccessPath | User.find |
-| index.js:24:13:24:22 | "constant" | InputAccessPathFromCallee |  |
-| index.js:24:13:24:22 | "constant" | InputArgumentIndex | 0 |
-| index.js:24:13:24:22 | "constant" | assignedToPropName |  |
-| index.js:24:13:24:22 | "constant" | calleeImports | mongoose |
-| index.js:24:13:24:22 | "constant" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:24:13:24:22 | "constant" | contextSurroundingFunctionParameters | () |
-| index.js:24:13:24:22 | "constant" | enclosingFunctionBody | User find constant |
-| index.js:24:13:24:22 | "constant" | enclosingFunctionName | constantExpression |
-| index.js:24:13:24:22 | "constant" | fileImports | express mongoose |
-| index.js:24:13:24:22 | "constant" | receiverName | User |
-| index.js:24:13:24:22 | "constant" | stringConcatenatedWith |  |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | CalleeFlexibleAccessPath | User.find |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputAccessPathFromCallee |  |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | InputArgumentIndex | 0 |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | assignedToPropName |  |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | calleeImports | mongoose |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | contextSurroundingFunctionParameters | () |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | fileImports | express mongoose |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
-| index.js:28:13:28:28 | UNDEFINED_GLOBAL | stringConcatenatedWith |  |
-| index.js:32:15:32:24 | "someData" | CalleeFlexibleAccessPath | console.log |
-| index.js:32:15:32:24 | "someData" | InputAccessPathFromCallee |  |
-| index.js:32:15:32:24 | "someData" | InputArgumentIndex | 0 |
-| index.js:32:15:32:24 | "someData" | assignedToPropName |  |
-| index.js:32:15:32:24 | "someData" | calleeImports |  |
-| index.js:32:15:32:24 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:32:15:32:24 | "someData" | contextSurroundingFunctionParameters | () |
-| index.js:32:15:32:24 | "someData" | enclosingFunctionBody | console log someData |
-| index.js:32:15:32:24 | "someData" | enclosingFunctionName | notASink |
-| index.js:32:15:32:24 | "someData" | fileImports | express mongoose |
-| index.js:32:15:32:24 | "someData" | receiverName | console |
-| index.js:32:15:32:24 | "someData" | stringConcatenatedWith |  |
-| index.js:36:20:36:22 | "a" | CalleeFlexibleAccessPath | ?.startsWith |
-| index.js:36:20:36:22 | "a" | InputAccessPathFromCallee |  |
-| index.js:36:20:36:22 | "a" | InputArgumentIndex | 0 |
-| index.js:36:20:36:22 | "a" | assignedToPropName |  |
-| index.js:36:20:36:22 | "a" | calleeImports |  |
-| index.js:36:20:36:22 | "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:36:20:36:22 | "a" | contextSurroundingFunctionParameters | () |
-| index.js:36:20:36:22 | "a" | enclosingFunctionBody | abc startsWith a |
-| index.js:36:20:36:22 | "a" | enclosingFunctionName | notASinkMultipleReasons |
-| index.js:36:20:36:22 | "a" | fileImports | express mongoose |
-| index.js:36:20:36:22 | "a" | receiverName |  |
-| index.js:36:20:36:22 | "a" | stringConcatenatedWith |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | CalleeFlexibleAccessPath | User.find |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | InputAccessPathFromCallee |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | InputArgumentIndex | 0 |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | assignedToPropName |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | calleeImports | mongoose |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | contextSurroundingFunctionParameters | () |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionBody |  |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | enclosingFunctionName | veryLongFunctionBody |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | fileImports | express mongoose |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | receiverName | User |
-| index.js:41:13:68:61 | "a" + " ... " + "a" | stringConcatenatedWith |  |
-| index.js:78:30:78:39 | "someData" | CalleeFlexibleAccessPath | console.log |
-| index.js:78:30:78:39 | "someData" | InputAccessPathFromCallee |  |
-| index.js:78:30:78:39 | "someData" | InputArgumentIndex | 0 |
-| index.js:78:30:78:39 | "someData" | assignedToPropName |  |
-| index.js:78:30:78:39 | "someData" | calleeImports |  |
-| index.js:78:30:78:39 | "someData" | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:78:30:78:39 | "someData" | contextSurroundingFunctionParameters | () |
-| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
-| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
-| index.js:78:30:78:39 | "someData" | fileImports | express mongoose |
-| index.js:78:30:78:39 | "someData" | receiverName | console |
-| index.js:78:30:78:39 | "someData" | stringConcatenatedWith |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | CalleeFlexibleAccessPath | $.ajax |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputAccessPathFromCallee |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | InputArgumentIndex | 0 |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | assignedToPropName |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | calleeImports |  |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | contextSurroundingFunctionParameters | (foo) |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionBody | foo $ ajax url foo bar |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | enclosingFunctionName | effectiveSinkAndNotASink |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | fileImports | express mongoose |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | receiverName | $ |
-| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | stringConcatenatedWith |  |
-| index.js:84:12:84:18 | foo.bar | CalleeFlexibleAccessPath | $.ajax |
-| index.js:84:12:84:18 | foo.bar | InputAccessPathFromCallee | 0.url |
-| index.js:84:12:84:18 | foo.bar | InputArgumentIndex | 0 |
-| index.js:84:12:84:18 | foo.bar | assignedToPropName | url |
-| index.js:84:12:84:18 | foo.bar | calleeImports |  |
-| index.js:84:12:84:18 | foo.bar | contextFunctionInterfaces | constantExpression()\neffectiveSinkAndNotASink(foo)\nflowFromSourceToNotASink()\nflowFromSourceToSink()\nidentity(x)\nnotASink()\nnotASinkMultipleReasons()\nnotConstantExpression()\nnotFlowFromSource()\nveryLongFunctionBody() |
-| index.js:84:12:84:18 | foo.bar | contextSurroundingFunctionParameters | (foo) |
-| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
-| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
-| index.js:84:12:84:18 | foo.bar | fileImports | express mongoose |
-| index.js:84:12:84:18 | foo.bar | receiverName |  |
-| index.js:84:12:84:18 | foo.bar | stringConcatenatedWith |  |
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.qlref
@@ -1 +0,0 @@
-extraction/ExtractEndpointDataEvaluation.ql
				`@@ -1 +0,0 @@`
				`extraction/ExtractEndpointDataEvaluation.ql`