mirror of
https://github.com/github/codeql.git
synced 2026-04-23 15:55:18 +02:00
JS: Update output after line number change
Some OK-style comments had to be moved to the following line, shifting line numbers. In selected range also included the comments themselves. Lastly, the result sets were reordered by the CLI in some cases.
This commit is contained in:
Asger F
@@ -2,5 +2,5 @@
|
||||
| repeated-injection.js:6:5:6:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:8:54:8:73 | ['name', $Injected2] | dependency injections |
|
||||
| repeated-injection.js:10:5:10:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:11:5:11:22 | $Injected3.$inject | dependency injections |
|
||||
| repeated-injection.js:10:5:10:31 | functio ... name){} | This function has $@ defined in multiple places. | repeated-injection.js:12:5:12:22 | $Injected3.$inject | dependency injections |
|
||||
| repeated-injection.js:33:5:33:84 | functio ... )\\n } | This function has $@ defined in multiple places. | repeated-injection.js:35:5:35:23 | $Injected10.$inject | dependency injections |
|
||||
| repeated-injection.js:33:5:33:84 | functio ... )\\n } | This function has $@ defined in multiple places. | repeated-injection.js:36:56:36:76 | ['name' ... cted10] | dependency injections |
|
||||
| repeated-injection.js:33:5:33:85 | functio ... n\\n } | This function has $@ defined in multiple places. | repeated-injection.js:35:5:35:23 | $Injected10.$inject | dependency injections |
|
||||
| repeated-injection.js:33:5:33:85 | functio ... n\\n } | This function has $@ defined in multiple places. | repeated-injection.js:36:56:36:76 | ['name' ... cted10] | dependency injections |
|
||||
|
||||
@@ -2,4 +2,4 @@
|
||||
| unused-angular-dependency.js:14:14:14:39 | ["unuse ... n() {}] | This function has 0 parameters, but 1 dependency is injected into it. |
|
||||
| unused-angular-dependency.js:16:14:16:53 | ["used2 ... d2) {}] | This function has 1 parameter, but 2 dependencies are injected into it. |
|
||||
| unused-angular-dependency.js:17:14:17:52 | ["unuse ... n() {}] | This function has 0 parameters, but 2 dependencies are injected into it. |
|
||||
| unused-angular-dependency.js:18:14:18:105 | ["used2 ... }] | This function has 1 parameter, but 2 dependencies are injected into it. |
|
||||
| unused-angular-dependency.js:18:14:18:106 | ["used2 ... }] | This function has 1 parameter, but 2 dependencies are injected into it. |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
| tst2.html:3:6:3:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
| tst.html:8:6:8:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
| tst.html:10:40:10:83 | srcset=#/resources/pics-large/{{item._id}} | Use 'ng-srcset' instead of 'srcset'. |
|
||||
| tst.html:11:10:11:52 | src=#/resources/pics-default/{{item._id}} | Use 'ng-src' instead of 'src'. |
|
||||
| tst_fragment.html:3:6:3:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
| tst2.html:2:6:2:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
| tst.html:7:6:7:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
| tst.html:9:40:9:83 | srcset=#/resources/pics-large/{{item._id}} | Use 'ng-srcset' instead of 'srcset'. |
|
||||
| tst.html:10:10:10:52 | src=#/resources/pics-default/{{item._id}} | Use 'ng-src' instead of 'src'. |
|
||||
| tst_fragment.html:2:6:2:24 | href={{help_url}} | Use 'ng-href' instead of 'href'. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| AmbiguousIdAttribute.html:4:5:4:14 | id=first | This element has the same id as $@. | AmbiguousIdAttribute.html:5:5:5:14 | id=first | another element |
|
||||
| AmbiguousIdAttribute_fragment.html:2:7:2:16 | id=first | This element has the same id as $@. | AmbiguousIdAttribute_fragment.html:3:7:3:16 | id=first | another element |
|
||||
| tst.js:22:22:22:33 | id="theDiff" | This element has the same id as $@. | tst.js:22:46:22:57 | id="theDiff" | another element |
|
||||
| tst.js:17:22:17:33 | id="theDiff" | This element has the same id as $@. | tst.js:17:46:17:57 | id="theDiff" | another element |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| ConflictingAttributes.html:1:4:1:27 | href=http://semmle.com | This attribute has the same name as $@ of the same element, but a different value. | ConflictingAttributes.html:1:29:1:53 | href=https://semmle.com | another attribute |
|
||||
| tst.js:6:4:6:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:6:29:6:53 | href="h ... le.com" | another attribute |
|
||||
| tst.js:16:4:16:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:16:29:16:46 | href={someValue()} | another attribute |
|
||||
| tst.js:5:4:5:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:5:29:5:53 | href="h ... le.com" | another attribute |
|
||||
| tst.js:12:4:12:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:12:29:12:46 | href={someValue()} | another attribute |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| DuplicateAttributes.html:1:4:1:28 | href=https://semmle.com | This attribute $@. | DuplicateAttributes.html:1:30:1:54 | href=https://semmle.com | is duplicated later |
|
||||
| tst.js:9:4:9:28 | href="h ... le.com" | This attribute $@. | tst.js:9:30:9:54 | href="h ... le.com" | is duplicated later |
|
||||
| tst.js:25:17:25:28 | id="theDiff" | This attribute $@. | tst.js:25:30:25:41 | id="theDiff" | is duplicated later |
|
||||
| tst.js:7:4:7:28 | href="h ... le.com" | This attribute $@. | tst.js:7:30:7:54 | href="h ... le.com" | is duplicated later |
|
||||
| tst.js:19:17:19:28 | id="theDiff" | This attribute $@. | tst.js:19:30:19:41 | id="theDiff" | is duplicated later |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
| AmbiguousIdAttributeGood.html:8:5:8:19 | id=invalid id | The value of the id attribute must not contain any space characters. |
|
||||
| AmbiguousIdAttributeGood.html:9:5:9:19 | id=invalid id | The value of the id attribute must not contain any space characters. |
|
||||
| MalformedIdAttribute.html:1:6:1:27 | id=heading important | The value of the id attribute must not contain any space characters. |
|
||||
| tst.js:12:6:12:10 | id="" | The value of the id attribute must contain at least one character. |
|
||||
| tst.js:13:6:13:13 | id="a b" | The value of the id attribute must not contain any space characters. |
|
||||
| tst.js:9:6:9:10 | id="" | The value of the id attribute must contain at least one character. |
|
||||
| tst.js:10:6:10:13 | id="a b" | The value of the id attribute must not contain any space characters. |
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
| tst.html:24:1:24:48 | <a>...</> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.html:25:1:25:36 | <a>...</> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.html:30:1:30:61 | <a>...</> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:18:1:18:43 | <a href ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:19:1:19:58 | <a href ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:20:1:20:51 | <a data ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:33:12:33:39 | $("<a/> ... X}}" }) | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:42:12:42:20 | $("<a/>") | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:17:1:17:43 | <a href ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:18:1:18:58 | <a href ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:19:1:19:51 | <a data ... ple</a> | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:31:12:31:39 | $("<a/> ... X}}" }) | External links without noopener/noreferrer are a potential security risk. |
|
||||
| tst.js:39:12:39:20 | $("<a/>") | External links without noopener/noreferrer are a potential security risk. |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
| classes.js:4:1:4:10 | class C {} | Assignment to variable C, which is $@ constant. | classes.js:1:1:1:13 | const C = 45; | declared |
|
||||
| functions.js:4:10:4:10 | C | Assignment to variable C, which is $@ constant. | functions.js:1:1:1:13 | const C = 45; | declared |
|
||||
| tst.js:4:1:4:6 | x = 42 | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:7:1:7:6 | y = 23 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:10:5:10:10 | y = -1 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:13:1:13:3 | ++x | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:25:10:25:14 | [ c ] | Assignment to variable c, which is $@ constant. | tst.js:24:5:24:19 | const c = null; | declared |
|
||||
| classes.js:3:1:3:10 | class C {} | Assignment to variable C, which is $@ constant. | classes.js:1:1:1:13 | const C = 45; | declared |
|
||||
| functions.js:3:10:3:10 | C | Assignment to variable C, which is $@ constant. | functions.js:1:1:1:13 | const C = 45; | declared |
|
||||
| tst.js:3:1:3:6 | x = 42 | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:5:1:5:6 | y = 23 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:7:5:7:10 | y = -1 | Assignment to variable y, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:9:1:9:3 | ++x | Assignment to variable x, which is $@ constant. | tst.js:1:1:1:21 | const x ... y = 42; | declared |
|
||||
| tst.js:21:10:21:14 | [ c ] | Assignment to variable c, which is $@ constant. | tst.js:20:5:20:19 | const c = null; | declared |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:3:24:3:36 | key = iter[1] | This initialization of key overwrites an $@. | tst.js:3:9:3:21 | key = iter[0] | earlier initialization |
|
||||
| tst.js:2:24:2:36 | key = iter[1] | This initialization of key overwrites an $@. | tst.js:2:9:2:21 | key = iter[0] | earlier initialization |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:2:1:2:1 | g | This definition of g is useless, since its value is never read. |
|
||||
| tst.js:1:1:1:1 | g | This definition of g is useless, since its value is never read. |
|
||||
| worker.js:3:1:3:9 | onmissage | This definition of onmissage is useless, since its value is never read. |
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
| overload.ts:10:12:10:14 | baz | The value assigned to baz here is unused. |
|
||||
| tst2.js:26:9:26:14 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst2.js:28:9:28:14 | x = 42 | The value assigned to x here is unused. |
|
||||
| tst3.js:2:1:2:36 | exports ... a: 23 } | The value assigned to exports here is unused. |
|
||||
| tst3b.js:2:18:2:36 | exports = { a: 23 } | The value assigned to exports here is unused. |
|
||||
| tst.js:6:2:6:7 | y = 23 | The value assigned to y here is unused. |
|
||||
| tst.js:13:6:13:11 | a = 23 | The initial value of a is unused, since it is always overwritten. |
|
||||
| tst.js:13:14:13:19 | a = 42 | The value assigned to a here is unused. |
|
||||
| tst.js:45:6:45:11 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:51:6:51:11 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:132:7:132:13 | {x} = o | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:162:6:162:14 | [x] = [0] | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:172:7:172:17 | nSign = foo | The value assigned to nSign here is unused. |
|
||||
| tst2.js:25:9:25:14 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst2.js:27:9:27:14 | x = 42 | The value assigned to x here is unused. |
|
||||
| tst3.js:1:1:1:36 | exports ... a: 23 } | The value assigned to exports here is unused. |
|
||||
| tst3b.js:1:18:1:36 | exports = { a: 23 } | The value assigned to exports here is unused. |
|
||||
| tst.js:5:2:5:7 | y = 23 | The value assigned to y here is unused. |
|
||||
| tst.js:11:6:11:11 | a = 23 | The initial value of a is unused, since it is always overwritten. |
|
||||
| tst.js:11:14:11:19 | a = 42 | The value assigned to a here is unused. |
|
||||
| tst.js:43:6:43:11 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:49:6:49:11 | x = 23 | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:130:7:130:13 | {x} = o | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:160:6:160:14 | [x] = [0] | The initial value of x is unused, since it is always overwritten. |
|
||||
| tst.js:170:7:170:17 | nSign = foo | The value assigned to nSign here is unused. |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:2:11:2:16 | a = 42 | Variable a has already $@. | tst.js:2:5:2:5 | a | been previously declared |
|
||||
| tst.js:1:11:1:16 | a = 42 | Variable a has already $@. | tst.js:1:5:1:5 | a | been previously declared |
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
| abstract-missing.ts:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | abstract-missing.ts:6:3:6:32 | abstrac ... ties(); | setAudioProperties |
|
||||
| indirection.js:7:9:7:20 | m("default") | This call refers to a global function, and not the local method $@. | indirection.js:2:5:4:5 | m() {\\n ... K\\n } | m |
|
||||
| indirection.js:7:9:7:20 | m("default") | This call refers to a global function, and not the local method $@. | indirection.js:2:5:4:5 | m() {\\n ... ;\\n } | m |
|
||||
| missing1.js:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | missing1.js:6:3:7:3 | setAudi ... (){\\n } | setAudioProperties |
|
||||
| missing2.js:3:5:3:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | missing2.js:7:3:8:3 | static ... (){\\n } | setAudioProperties |
|
||||
| namespaces-uses.ts:3:5:3:20 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:2:3:4:3 | globalF ... OK\\n } | globalFunction |
|
||||
| namespaces-uses.ts:6:5:6:26 | topName ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:5:3:7:3 | topName ... OK\\n } | topNamespaceFunction |
|
||||
| namespaces-uses.ts:9:5:9:28 | childNa ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:8:3:10:3 | childNa ... OK\\n } | childNamespaceFunction |
|
||||
| namespaces-uses.ts:16:7:16:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:15:5:17:5 | globalF ... K\\n } | globalFunction |
|
||||
| namespaces-uses.ts:30:7:30:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:29:5:31:5 | globalF ... K\\n } | globalFunction |
|
||||
| namespaces-uses.ts:3:5:3:20 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:2:3:4:3 | globalF ... ert\\n } | globalFunction |
|
||||
| namespaces-uses.ts:6:5:6:26 | topName ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:5:3:7:3 | topName ... ert\\n } | topNamespaceFunction |
|
||||
| namespaces-uses.ts:9:5:9:28 | childNa ... ction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:8:3:10:3 | childNa ... ert\\n } | childNamespaceFunction |
|
||||
| namespaces-uses.ts:16:7:16:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:15:5:17:5 | globalF ... t\\n } | globalFunction |
|
||||
| namespaces-uses.ts:30:7:30:22 | globalFunction() | This call refers to a global function, and not the local method $@. | namespaces-uses.ts:29:5:31:5 | globalF ... t\\n } | globalFunction |
|
||||
| not-ignored-by-jslint.js:4:5:4:24 | setAudioProperties() | This call refers to a global function, and not the local method $@. | not-ignored-by-jslint.js:7:3:8:3 | setAudi ... (){\\n } | setAudioProperties |
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
| test.js:6:7:6:7 | i | Variable i is used like a local variable, but is missing a declaration. |
|
||||
| test.js:14:7:14:7 | i | Variable i is used like a local variable, but is missing a declaration. |
|
||||
| test.js:23:2:23:2 | y | Variable y is used like a local variable, but is missing a declaration. |
|
||||
| test.js:54:10:54:10 | z | Variable z is used like a local variable, but is missing a declaration. |
|
||||
| test.js:60:6:60:6 | y | Variable y is used like a local variable, but is missing a declaration. |
|
||||
| test.js:66:2:66:2 | z | Variable z is used like a local variable, but is missing a declaration. |
|
||||
| test.js:72:9:72:20 | unresolvable | Variable unresolvable is used like a local variable, but is missing a declaration. |
|
||||
| test.js:5:7:5:7 | i | Variable i is used like a local variable, but is missing a declaration. |
|
||||
| test.js:12:7:12:7 | i | Variable i is used like a local variable, but is missing a declaration. |
|
||||
| test.js:20:2:20:2 | y | Variable y is used like a local variable, but is missing a declaration. |
|
||||
| test.js:50:10:50:10 | z | Variable z is used like a local variable, but is missing a declaration. |
|
||||
| test.js:55:6:55:6 | y | Variable y is used like a local variable, but is missing a declaration. |
|
||||
| test.js:60:2:60:2 | z | Variable z is used like a local variable, but is missing a declaration. |
|
||||
| test.js:66:9:66:20 | unresolvable | Variable unresolvable is used like a local variable, but is missing a declaration. |
|
||||
| tst3.js:7:10:7:10 | x | Variable x is used like a local variable, but is missing a declaration. |
|
||||
| tst3.js:7:16:7:19 | rest | Variable rest is used like a local variable, but is missing a declaration. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| instanceStatic.js:3:9:3:16 | this.baz | Access to instance method $@ from static method $@ is not possible through `this`. | instanceStatic.js:5:5:7:5 | baz(){\\n\\n } | baz | instanceStatic.js:2:5:4:5 | static ... K\\n } | bar |
|
||||
| staticInstance.js:3:9:3:16 | this.baz | Access to static method $@ from instance method $@ is not possible through `this`. | staticInstance.js:5:5:6:5 | static baz(){\\n } | baz | staticInstance.js:2:5:4:5 | bar(){\\n ... K\\n } | bar |
|
||||
| tst.js:66:9:66:14 | this.f | Access to instance method $@ from static method $@ is not possible through `this`. | tst.js:60:5:62:5 | f() {\\n\\n } | f | tst.js:65:5:67:5 | static ... K\\n } | test |
|
||||
| instanceStatic.js:3:9:3:16 | this.baz | Access to instance method $@ from static method $@ is not possible through `this`. | instanceStatic.js:5:5:7:5 | baz(){\\n\\n } | baz | instanceStatic.js:2:5:4:5 | static ... t\\n } | bar |
|
||||
| staticInstance.js:3:9:3:16 | this.baz | Access to static method $@ from instance method $@ is not possible through `this`. | staticInstance.js:5:5:6:5 | static baz(){\\n } | baz | staticInstance.js:2:5:4:5 | bar(){\\n ... t\\n } | bar |
|
||||
| tst.js:66:9:66:14 | this.f | Access to instance method $@ from static method $@ is not possible through `this`. | tst.js:60:5:62:5 | f() {\\n\\n } | f | tst.js:65:5:67:5 | static ... t\\n } | test |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:3:5:3:5 | s | This expression refers to $@ inside its temporal dead zone. | tst.js:4:5:4:17 | let s = "hi"; | s |
|
||||
| tst.js:2:5:2:5 | s | This expression refers to $@ inside its temporal dead zone. | tst.js:3:5:3:17 | let s = "hi"; | s |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
| istype.ts:18:15:18:18 | node | The parameter 'node' is never used. |
|
||||
| parameter_field.ts:6:15:6:15 | x | The parameter 'x' is never used. |
|
||||
| tst2.js:1:12:1:12 | x | The parameter 'x' is never used. |
|
||||
| tst2.js:29:12:29:12 | x | The parameter 'x' is never used. |
|
||||
| tst.js:7:32:7:34 | idx | The parameter 'idx' is never used. |
|
||||
| tst.js:12:13:12:13 | x | The parameter 'x' is never used. |
|
||||
| tst2.js:28:12:28:12 | x | The parameter 'x' is never used. |
|
||||
| tst.js:6:32:6:34 | idx | The parameter 'idx' is never used. |
|
||||
| tst.js:10:13:10:13 | x | The parameter 'x' is never used. |
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
| decorated.ts:4:10:4:12 | fun | Unused function fun. |
|
||||
| eval.js:10:9:10:24 | not_used_by_eval | Unused variable not_used_by_eval. |
|
||||
| eval.js:19:9:19:24 | not_used_by_eval | Unused variable not_used_by_eval. |
|
||||
| externs.js:6:5:6:13 | iAmUnused | Unused variable iAmUnused. |
|
||||
| externs.js:5:5:5:13 | iAmUnused | Unused variable iAmUnused. |
|
||||
| importWithoutPragma.jsx:1:1:1:27 | import ... react'; | Unused import h. |
|
||||
| interTypes.ts:1:1:1:37 | import ... where"; | Unused import Bar. |
|
||||
| multi-imports.js:1:1:1:29 | import ... om 'x'; | Unused imports a, b, d. |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
| EnablingNodeIntegration.js:5:28:11:9 | {\\n ... } | The `nodeIntegrationInWorker` feature has been enabled. |
|
||||
| EnablingNodeIntegration.js:5:28:11:9 | {\\n ... } | The `nodeIntegration` feature has been enabled. |
|
||||
| EnablingNodeIntegration.js:15:22:20:9 | {\\n ... } | The `nodeIntegration` feature is enabled by default. |
|
||||
| EnablingNodeIntegration.js:23:16:27:9 | { // NO ... } | The `nodeIntegration` feature is enabled by default. |
|
||||
| EnablingNodeIntegration.js:23:16:27:9 | { // $ ... } | The `nodeIntegration` feature is enabled by default. |
|
||||
| EnablingNodeIntegration.js:49:74:49:96 | {nodeIn ... : true} | The `nodeIntegration` feature has been enabled. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:2:9:2:24 | (x & (1<<n)) > 0 | Potentially unsafe sign check of a bitwise operation. |
|
||||
| tst.js:14:13:14:25 | (x >>> 0) > 0 | Potentially unsafe sign check of a bitwise operation. |
|
||||
| tst.js:23:1:23:21 | (x & 0x ... 00) > 0 | Potentially unsafe sign check of a bitwise operation. |
|
||||
| tst.js:13:13:13:25 | (x >>> 0) > 0 | Potentially unsafe sign check of a bitwise operation. |
|
||||
| tst.js:21:1:21:21 | (x & 0x ... 00) > 0 | Potentially unsafe sign check of a bitwise operation. |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:11:10:11:15 | y <= y | This expression compares $@ to itself. | tst.js:11:10:11:10 | y | y |
|
||||
| tst.js:22:1:22:35 | (functi ... n() {}) | This expression compares $@ to itself. | tst.js:22:1:22:16 | (function() { }) | (function() { }) |
|
||||
| tst.js:21:1:21:35 | (functi ... n() {}) | This expression compares $@ to itself. | tst.js:21:1:21:16 | (function() { }) | (function() { }) |
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
| try.js:22:9:22:26 | x.ordinaryProperty | This expression has no effect. |
|
||||
| tst2.js:3:4:3:4 | 0 | This expression has no effect. |
|
||||
| tst2.js:2:4:2:4 | 0 | This expression has no effect. |
|
||||
| tst.js:3:1:3:2 | 23 | This expression has no effect. |
|
||||
| tst.js:5:1:5:2 | 23 | This expression has no effect. |
|
||||
| tst.js:7:6:7:7 | 23 | This expression has no effect. |
|
||||
| tst.js:9:1:9:1 | 1 | This expression has no effect. |
|
||||
| tst.js:23:1:23:1 | x | This expression has no effect. |
|
||||
| tst.js:43:5:43:9 | "foo" | This expression has no effect. |
|
||||
| tst.js:49:3:49:26 | new Err ... ou so") | This expression has no effect. |
|
||||
| tst.js:50:3:50:49 | new Syn ... o me?") | This expression has no effect. |
|
||||
| tst.js:51:3:51:36 | new Err ... age(e)) | This expression has no effect. |
|
||||
| tst.js:62:2:62:20 | o.trivialNonGetter1 | This expression has no effect. |
|
||||
| tst.js:78:24:78:24 | o | This expression has no effect. |
|
||||
| tst.js:22:1:22:1 | x | This expression has no effect. |
|
||||
| tst.js:42:5:42:9 | "foo" | This expression has no effect. |
|
||||
| tst.js:48:3:48:26 | new Err ... ou so") | This expression has no effect. |
|
||||
| tst.js:49:3:49:49 | new Syn ... o me?") | This expression has no effect. |
|
||||
| tst.js:50:3:50:36 | new Err ... age(e)) | This expression has no effect. |
|
||||
| tst.js:61:2:61:20 | o.trivialNonGetter1 | This expression has no effect. |
|
||||
| tst.js:77:24:77:24 | o | This expression has no effect. |
|
||||
| uselessfn.js:1:1:1:15 | (functi ... .");\\n}) | This expression has no effect. |
|
||||
|
||||
@@ -1,53 +1,53 @@
|
||||
| interprocedural.js:11:9:11:13 | known | Variable 'known' is of type string, but it is compared to $@ of type number. | interprocedural.js:11:19:11:20 | 42 | an expression |
|
||||
| interprocedural.js:15:9:15:18 | getKnown() | This expression is of type string, but it is compared to $@ of type number. | interprocedural.js:15:24:15:25 | 42 | an expression |
|
||||
| interprocedural.js:17:9:17:27 | getKnown_indirect() | This expression is of type string, but it is compared to $@ of type number. | interprocedural.js:17:33:17:34 | 42 | an expression |
|
||||
| tst.js:2:5:2:17 | typeof window | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:2:23:2:31 | undefined | 'undefined' |
|
||||
| tst.js:10:28:10:34 | "Hello" | This expression is of type string, but it is compared to $@ of type number. | tst.js:10:39:10:39 | 0 | an expression |
|
||||
| tst.js:20:1:20:4 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:20:9:20:9 | 0 | an expression |
|
||||
| tst.js:24:6:24:7 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:23:9:23:12 | "hi" | an expression |
|
||||
| tst.js:28:1:28:23 | Object. ... ) + "!" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:28:28:28:36 | undefined | 'undefined' |
|
||||
| tst.js:31:1:31:29 | (+f() \| ... + k())) | This expression is of type boolean, number or string, but it is compared to $@ of type undefined. | tst.js:31:34:31:42 | undefined | 'undefined' |
|
||||
| tst.js:34:5:34:19 | !Module['load'] | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:34:24:34:34 | 'undefined' | an expression |
|
||||
| tst.js:48:3:48:8 | number | Variable 'number' is of type number, but it is compared to $@ of type string. | tst.js:48:13:48:18 | "zero" | an expression |
|
||||
| tst.js:52:1:52:1 | 0 | This expression is of type number, but it is compared to $@ of type object or undefined. | tst.js:52:5:52:43 | (Math.r ... [1, 2]) | an expression |
|
||||
| tst.js:88:31:88:32 | x2 | Variable 'x2' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:88:38:88:41 | null | an expression |
|
||||
| tst.js:91:35:91:36 | x3 | Variable 'x3' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:91:42:91:45 | null | an expression |
|
||||
| tst.js:101:5:101:6 | x5 | Variable 'x5' cannot be of type null, but it is compared to $@ of type null. | tst.js:101:12:101:15 | null | an expression |
|
||||
| tst.js:104:9:104:10 | x6 | Variable 'x6' cannot be of type null, but it is compared to $@ of type null. | tst.js:104:16:104:19 | null | an expression |
|
||||
| tst.js:110:5:110:5 | o | Variable 'o' is of type object, but it is compared to $@ of type string. | tst.js:110:9:110:13 | "def" | an expression |
|
||||
| tst.js:117:5:117:5 | a | Variable 'a' is of type object, but it is compared to $@ of type string. | tst.js:117:9:117:13 | "def" | an expression |
|
||||
| tst.js:131:5:131:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:131:13:131:14 | 42 | an expression |
|
||||
| tst.js:134:5:134:8 | true | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:134:13:134:17 | "bar" | an expression |
|
||||
| tst.js:142:5:142:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:142:11:142:14 | "42" | an expression |
|
||||
| tst.js:143:5:143:6 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:143:12:143:12 | b | variable 'b' |
|
||||
| tst.js:144:5:144:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:144:11:144:11 | b | variable 'b' |
|
||||
| tst.js:148:5:148:9 | "foo" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:148:15:148:23 | undefined | 'undefined' |
|
||||
| tst.js:149:5:149:13 | undefined | 'undefined' is of type undefined, but it is compared to $@ of type string. | tst.js:149:19:149:23 | "foo" | an expression |
|
||||
| tst.js:151:5:151:7 | NaN | 'NaN' is of type number, but it is compared to $@ of type string. | tst.js:151:13:151:17 | "foo" | an expression |
|
||||
| tst.js:153:5:153:12 | Infinity | 'Infinity' is of type number, but it is compared to $@ of type string. | tst.js:153:18:153:22 | "foo" | an expression |
|
||||
| tst.js:160:5:160:6 | t1 | Variable 't1' is of type number, but it is compared to $@ of type null. | tst.js:160:12:160:15 | null | an expression |
|
||||
| tst.js:161:5:161:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:161:14:161:15 | t1 | variable 't1' |
|
||||
| tst.js:164:5:164:6 | t2 | Variable 't2' is of type number or string, but it is compared to $@ of type null. | tst.js:164:12:164:15 | null | an expression |
|
||||
| tst.js:165:5:165:8 | null | This expression is of type null, but it is compared to $@ of type number or string. | tst.js:165:14:165:15 | t2 | variable 't2' |
|
||||
| tst.js:168:5:168:6 | t3 | Variable 't3' is of type number, string or undefined, but it is compared to $@ of type null. | tst.js:168:12:168:15 | null | an expression |
|
||||
| tst.js:169:5:169:8 | null | This expression is of type null, but it is compared to $@ of type number, string or undefined. | tst.js:169:14:169:15 | t3 | variable 't3' |
|
||||
| tst.js:172:5:172:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type null. | tst.js:172:12:172:15 | null | an expression |
|
||||
| tst.js:173:5:173:8 | null | This expression is of type null, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:173:14:173:15 | t4 | variable 't4' |
|
||||
| tst.js:176:5:176:6 | t5 | Variable 't5' cannot be of type null, but it is compared to $@ of type null. | tst.js:176:12:176:15 | null | an expression |
|
||||
| tst.js:177:5:177:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:177:14:177:15 | t5 | variable 't5' |
|
||||
| tst.js:180:5:180:6 | t6 | Variable 't6' cannot be of type null, but it is compared to $@ of type null. | tst.js:180:12:180:15 | null | an expression |
|
||||
| tst.js:181:5:181:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:181:14:181:15 | t6 | variable 't6' |
|
||||
| tst.js:184:5:184:6 | t7 | Variable 't7' cannot be of type null, but it is compared to $@ of type null. | tst.js:184:12:184:15 | null | an expression |
|
||||
| tst.js:185:5:185:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:185:14:185:15 | t7 | variable 't7' |
|
||||
| tst.js:188:5:188:6 | t8 | Variable 't8' cannot be of type null, but it is compared to $@ of type null. | tst.js:188:12:188:15 | null | an expression |
|
||||
| tst.js:189:5:189:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:189:14:189:15 | t8 | variable 't8' |
|
||||
| tst.js:202:5:202:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:202:12:202:13 | t4 | variable 't4' |
|
||||
| tst.js:203:5:203:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function or regular expression. | tst.js:203:12:203:13 | t2 | variable 't2' |
|
||||
| tst.js:204:5:204:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:204:12:204:13 | t4 | variable 't4' |
|
||||
| tst.js:205:5:205:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:205:12:205:13 | t3 | variable 't3' |
|
||||
| tst.js:207:5:207:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ , which cannot be of type function or regular expression. | tst.js:207:12:207:13 | t5 | variable 't5' |
|
||||
| tst.js:208:5:208:6 | t5 | Variable 't5' cannot be of type function or regular expression, but it is compared to $@ of type function or regular expression. | tst.js:208:12:208:13 | t2 | variable 't2' |
|
||||
| tst.js:209:5:209:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, null, number, string or undefined. | tst.js:209:12:209:13 | t5 | variable 't5' |
|
||||
| tst.js:210:5:210:6 | t5 | Variable 't5' is of type boolean, null, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:210:12:210:13 | t3 | variable 't3' |
|
||||
| tst.js:225:13:225:14 | xy | Variable 'xy' is of type undefined, but it is compared to $@ of type string. | tst.js:225:20:225:24 | "foo" | an expression |
|
||||
| tst.js:233:5:233:5 | x | Variable 'x' is of type object, but it is compared to $@ of type number. | tst.js:233:11:233:12 | 42 | an expression |
|
||||
| tst.js:1:5:1:17 | typeof window | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:1:23:1:31 | undefined | 'undefined' |
|
||||
| tst.js:8:28:8:34 | "Hello" | This expression is of type string, but it is compared to $@ of type number. | tst.js:8:39:8:39 | 0 | an expression |
|
||||
| tst.js:17:1:17:4 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:17:9:17:9 | 0 | an expression |
|
||||
| tst.js:20:6:20:7 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:19:9:19:12 | "hi" | an expression |
|
||||
| tst.js:23:1:23:23 | Object. ... ) + "!" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:23:28:23:36 | undefined | 'undefined' |
|
||||
| tst.js:25:1:25:29 | (+f() \| ... + k())) | This expression is of type boolean, number or string, but it is compared to $@ of type undefined. | tst.js:25:34:25:42 | undefined | 'undefined' |
|
||||
| tst.js:27:5:27:19 | !Module['load'] | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:27:24:27:34 | 'undefined' | an expression |
|
||||
| tst.js:41:3:41:8 | number | Variable 'number' is of type number, but it is compared to $@ of type string. | tst.js:41:13:41:18 | "zero" | an expression |
|
||||
| tst.js:44:1:44:1 | 0 | This expression is of type number, but it is compared to $@ of type object or undefined. | tst.js:44:5:44:43 | (Math.r ... [1, 2]) | an expression |
|
||||
| tst.js:79:31:79:32 | x2 | Variable 'x2' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:79:38:79:41 | null | an expression |
|
||||
| tst.js:82:35:82:36 | x3 | Variable 'x3' is of type date, object or regular expression, but it is compared to $@ of type null. | tst.js:82:42:82:45 | null | an expression |
|
||||
| tst.js:92:5:92:6 | x5 | Variable 'x5' cannot be of type null, but it is compared to $@ of type null. | tst.js:92:12:92:15 | null | an expression |
|
||||
| tst.js:95:9:95:10 | x6 | Variable 'x6' cannot be of type null, but it is compared to $@ of type null. | tst.js:95:16:95:19 | null | an expression |
|
||||
| tst.js:101:5:101:5 | o | Variable 'o' is of type object, but it is compared to $@ of type string. | tst.js:101:9:101:13 | "def" | an expression |
|
||||
| tst.js:108:5:108:5 | a | Variable 'a' is of type object, but it is compared to $@ of type string. | tst.js:108:9:108:13 | "def" | an expression |
|
||||
| tst.js:122:5:122:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:122:13:122:14 | 42 | an expression |
|
||||
| tst.js:125:5:125:8 | true | This expression is of type boolean, but it is compared to $@ of type string. | tst.js:125:13:125:17 | "bar" | an expression |
|
||||
| tst.js:133:5:133:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:133:11:133:14 | "42" | an expression |
|
||||
| tst.js:134:5:134:6 | 42 | This expression is of type number, but it is compared to $@ of type string. | tst.js:134:12:134:12 | b | variable 'b' |
|
||||
| tst.js:135:5:135:5 | a | Variable 'a' is of type number, but it is compared to $@ of type string. | tst.js:135:11:135:11 | b | variable 'b' |
|
||||
| tst.js:139:5:139:9 | "foo" | This expression is of type string, but it is compared to $@ of type undefined. | tst.js:139:15:139:23 | undefined | 'undefined' |
|
||||
| tst.js:140:5:140:13 | undefined | 'undefined' is of type undefined, but it is compared to $@ of type string. | tst.js:140:19:140:23 | "foo" | an expression |
|
||||
| tst.js:142:5:142:7 | NaN | 'NaN' is of type number, but it is compared to $@ of type string. | tst.js:142:13:142:17 | "foo" | an expression |
|
||||
| tst.js:144:5:144:12 | Infinity | 'Infinity' is of type number, but it is compared to $@ of type string. | tst.js:144:18:144:22 | "foo" | an expression |
|
||||
| tst.js:151:5:151:6 | t1 | Variable 't1' is of type number, but it is compared to $@ of type null. | tst.js:151:12:151:15 | null | an expression |
|
||||
| tst.js:152:5:152:8 | null | This expression is of type null, but it is compared to $@ of type number. | tst.js:152:14:152:15 | t1 | variable 't1' |
|
||||
| tst.js:155:5:155:6 | t2 | Variable 't2' is of type number or string, but it is compared to $@ of type null. | tst.js:155:12:155:15 | null | an expression |
|
||||
| tst.js:156:5:156:8 | null | This expression is of type null, but it is compared to $@ of type number or string. | tst.js:156:14:156:15 | t2 | variable 't2' |
|
||||
| tst.js:159:5:159:6 | t3 | Variable 't3' is of type number, string or undefined, but it is compared to $@ of type null. | tst.js:159:12:159:15 | null | an expression |
|
||||
| tst.js:160:5:160:8 | null | This expression is of type null, but it is compared to $@ of type number, string or undefined. | tst.js:160:14:160:15 | t3 | variable 't3' |
|
||||
| tst.js:163:5:163:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type null. | tst.js:163:12:163:15 | null | an expression |
|
||||
| tst.js:164:5:164:8 | null | This expression is of type null, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:164:14:164:15 | t4 | variable 't4' |
|
||||
| tst.js:167:5:167:6 | t5 | Variable 't5' cannot be of type null, but it is compared to $@ of type null. | tst.js:167:12:167:15 | null | an expression |
|
||||
| tst.js:168:5:168:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:168:14:168:15 | t5 | variable 't5' |
|
||||
| tst.js:171:5:171:6 | t6 | Variable 't6' cannot be of type null, but it is compared to $@ of type null. | tst.js:171:12:171:15 | null | an expression |
|
||||
| tst.js:172:5:172:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:172:14:172:15 | t6 | variable 't6' |
|
||||
| tst.js:175:5:175:6 | t7 | Variable 't7' cannot be of type null, but it is compared to $@ of type null. | tst.js:175:12:175:15 | null | an expression |
|
||||
| tst.js:176:5:176:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:176:14:176:15 | t7 | variable 't7' |
|
||||
| tst.js:179:5:179:6 | t8 | Variable 't8' cannot be of type null, but it is compared to $@ of type null. | tst.js:179:12:179:15 | null | an expression |
|
||||
| tst.js:180:5:180:8 | null | This expression is of type null, but it is compared to $@ , which cannot be of type null. | tst.js:180:14:180:15 | t8 | variable 't8' |
|
||||
| tst.js:193:5:193:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:193:12:193:13 | t4 | variable 't4' |
|
||||
| tst.js:194:5:194:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function or regular expression. | tst.js:194:12:194:13 | t2 | variable 't2' |
|
||||
| tst.js:195:5:195:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, number, string or undefined. | tst.js:195:12:195:13 | t4 | variable 't4' |
|
||||
| tst.js:196:5:196:6 | t4 | Variable 't4' is of type boolean, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:196:12:196:13 | t3 | variable 't3' |
|
||||
| tst.js:198:5:198:6 | t2 | Variable 't2' is of type function or regular expression, but it is compared to $@ , which cannot be of type function or regular expression. | tst.js:198:12:198:13 | t5 | variable 't5' |
|
||||
| tst.js:199:5:199:6 | t5 | Variable 't5' cannot be of type function or regular expression, but it is compared to $@ of type function or regular expression. | tst.js:199:12:199:13 | t2 | variable 't2' |
|
||||
| tst.js:200:5:200:6 | t3 | Variable 't3' is of type function, object or regular expression, but it is compared to $@ of type boolean, null, number, string or undefined. | tst.js:200:12:200:13 | t5 | variable 't5' |
|
||||
| tst.js:201:5:201:6 | t5 | Variable 't5' is of type boolean, null, number, string or undefined, but it is compared to $@ of type function, object or regular expression. | tst.js:201:12:201:13 | t3 | variable 't3' |
|
||||
| tst.js:216:13:216:14 | xy | Variable 'xy' is of type undefined, but it is compared to $@ of type string. | tst.js:216:20:216:24 | "foo" | an expression |
|
||||
| tst.js:224:5:224:5 | x | Variable 'x' is of type object, but it is compared to $@ of type number. | tst.js:224:11:224:12 | 42 | an expression |
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
| tst.js:2:1:2:7 | !method | This expression will be implicitly converted from boolean to string. |
|
||||
| tst.js:17:6:17:9 | null | This expression will be implicitly converted from null to object. |
|
||||
| tst.js:20:6:20:13 | 'string' | This expression will be implicitly converted from string to object. |
|
||||
| tst.js:26:13:26:53 | "Settin ... o '%s'" | This expression will be implicitly converted from string to number. |
|
||||
| tst.js:29:18:29:26 | !callback | This expression will be implicitly converted from boolean to object. |
|
||||
| tst.js:53:5:53:10 | void 0 | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:61:3:61:3 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:67:8:67:8 | y | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:73:5:73:5 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:79:19:79:22 | name | This expression will be implicitly converted from undefined to string. |
|
||||
| tst.js:85:3:85:3 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:100:5:100:7 | f() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:106:5:106:7 | g() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:109:13:109:15 | g() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:110:13:110:15 | g() | This expression will be implicitly converted from undefined to string. |
|
||||
| tst.js:117:8:117:8 | y | This expression will be implicitly converted from string to number. |
|
||||
| tst.js:122:10:122:10 | y | This expression will be implicitly converted from string to number. |
|
||||
| tst.js:1:1:1:7 | !method | This expression will be implicitly converted from boolean to string. |
|
||||
| tst.js:15:6:15:9 | null | This expression will be implicitly converted from null to object. |
|
||||
| tst.js:17:6:17:13 | 'string' | This expression will be implicitly converted from string to object. |
|
||||
| tst.js:22:13:22:53 | "Settin ... o '%s'" | This expression will be implicitly converted from string to number. |
|
||||
| tst.js:24:18:24:26 | !callback | This expression will be implicitly converted from boolean to object. |
|
||||
| tst.js:47:5:47:10 | void 0 | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:54:3:54:3 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:59:8:59:8 | y | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:64:5:64:5 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:69:19:69:22 | name | This expression will be implicitly converted from undefined to string. |
|
||||
| tst.js:74:3:74:3 | x | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:89:5:89:7 | f() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:95:5:95:7 | g() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:98:13:98:15 | g() | This expression will be implicitly converted from undefined to number. |
|
||||
| tst.js:99:13:99:15 | g() | This expression will be implicitly converted from undefined to string. |
|
||||
| tst.js:106:8:106:8 | y | This expression will be implicitly converted from string to number. |
|
||||
| tst.js:111:10:111:10 | y | This expression will be implicitly converted from string to number. |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
| tst.js:5:19:5:24 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:26:5:26:10 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:26:16:26:21 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:32:27:32:34 | avalable | 'avalable' may be a typo for 'available'. |
|
||||
| tst.js:42:5:42:12 | throught | 'throught' may be a typo for 'through' or 'throughout'. |
|
||||
| tst.js:43:5:43:9 | sheat | 'sheat' may be a typo for 'cheat', 'sheath' or 'sheet'. |
|
||||
| tst.js:4:19:4:24 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:24:5:24:10 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:24:16:24:21 | lenght | 'lenght' may be a typo for 'length'. |
|
||||
| tst.js:29:27:29:34 | avalable | 'avalable' may be a typo for 'available'. |
|
||||
| tst.js:39:5:39:12 | throught | 'throught' may be a typo for 'through' or 'throughout'. |
|
||||
| tst.js:40:5:40:9 | sheat | 'sheat' may be a typo for 'cheat', 'sheath' or 'sheet'. |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
| jsdoc.js:9:5:9:19 | this.y = this.y | This expression assigns property y to itself. |
|
||||
| jsdoc.js:11:5:11:23 | this.arg = this.arg | This expression assigns property arg to itself. |
|
||||
| tst.js:5:2:5:14 | width = width | This expression assigns variable width to itself. |
|
||||
| tst.js:24:1:24:19 | array[1] = array[1] | This expression assigns element 1 to itself. |
|
||||
| tst.js:27:1:27:9 | o.x = o.x | This expression assigns property x to itself. |
|
||||
| tst.js:4:2:4:14 | width = width | This expression assigns variable width to itself. |
|
||||
| tst.js:22:1:22:19 | array[1] = array[1] | This expression assigns element 1 to itself. |
|
||||
| tst.js:24:1:24:9 | o.x = o.x | This expression assigns property x to itself. |
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
| namespace.ts:23:1:23:3 | g() | Callee is not a function: it has type object. |
|
||||
| optional-chaining.js:3:5:3:7 | a() | Callee is not a function: it has type null. |
|
||||
| optional-chaining.js:7:5:7:7 | b() | Callee is not a function: it has type undefined. |
|
||||
| super.js:11:5:11:11 | super() | Callee is not a function: it has type number. |
|
||||
| super.js:10:5:10:11 | super() | Callee is not a function: it has type number. |
|
||||
| unreachable-code.js:5:9:5:11 | f() | Callee is not a function: it has type undefined. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:2:9:2:16 | x + x>>1 | Whitespace around nested operators contradicts precedence. |
|
||||
| tst.js:42:9:42:20 | p in o&&o[p] | Whitespace around nested operators contradicts precedence. |
|
||||
| tst.js:49:1:49:12 | x + x >> 1 | Whitespace around nested operators contradicts precedence. |
|
||||
| tst.js:48:1:48:12 | x + x >> 1 | Whitespace around nested operators contradicts precedence. |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:6:15:6:15 | y | Parameter y is not documented. |
|
||||
| tst.js:26:19:26:19 | y | Parameter y is not documented. |
|
||||
| tst.js:4:15:4:15 | y | Parameter y is not documented. |
|
||||
| tst.js:23:19:23:19 | y | Parameter y is not documented. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:2:1:2:8 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:2:14:2:20 | 'array' | array |
|
||||
| tst.js:19:9:19:16 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:23:6:23:11 | 'null' | null |
|
||||
| tst.js:33:2:33:9 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:33:16:33:22 | 'array' | array |
|
||||
| tst.js:1:1:1:8 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:1:14:1:20 | 'array' | array |
|
||||
| tst.js:18:9:18:16 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:21:6:21:11 | 'null' | null |
|
||||
| tst.js:30:2:30:9 | typeof a | The result of this 'typeof' expression is compared to $@, but the two can never be equal. | tst.js:30:16:30:22 | 'array' | array |
|
||||
|
||||
@@ -3,4 +3,4 @@
|
||||
| letExpr.js:3:13:3:38 | let (x ... ) x + y | Use let declarations instead of let expressions. |
|
||||
| letStmt.js:3:1:5:1 | let (x ... + y);\\n} | Use let declarations instead of let statements. |
|
||||
| postfixComprehension.js:2:15:2:38 | [i*i fo ... mbers)] | Use prefix comprehensions instead of postfix comprehensions. |
|
||||
| tst.js:2:15:2:31 | function(x) x * x | Use arrow expressions instead of expression closures. |
|
||||
| tst.js:1:15:1:31 | function(x) x * x | Use arrow expressions instead of expression closures. |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
| tst.js:2:17:2:32 | i <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:3:15:3:21 | args[i] | read |
|
||||
| tst.js:7:17:7:32 | args.length >= i | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:8:15:8:21 | args[i] | read |
|
||||
| tst.js:18:5:18:20 | j <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:19:15:19:21 | args[j] | read |
|
||||
| tst.js:23:5:23:20 | args.length >= j | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:24:15:24:21 | args[j] | read |
|
||||
| tst.js:34:19:34:31 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:35:9:35:12 | a[i] | read |
|
||||
| tst.js:51:9:51:21 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:51:43:51:46 | a[i] | read |
|
||||
| tst.js:51:26:51:38 | i <= b.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:51:52:51:55 | b[i] | read |
|
||||
| tst.js:1:17:1:32 | i <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:2:15:2:21 | args[i] | read |
|
||||
| tst.js:5:17:5:32 | args.length >= i | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:6:15:6:21 | args[i] | read |
|
||||
| tst.js:15:5:15:20 | j <= args.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:16:15:16:21 | args[j] | read |
|
||||
| tst.js:19:5:19:20 | args.length >= j | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:20:15:20:21 | args[j] | read |
|
||||
| tst.js:29:19:29:31 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:30:9:30:12 | a[i] | read |
|
||||
| tst.js:46:9:46:21 | i <= a.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:46:43:46:46 | a[i] | read |
|
||||
| tst.js:46:26:46:38 | i <= b.length | Off-by-one index comparison against length may lead to out-of-bounds $@. | tst.js:46:52:46:55 | b[i] | read |
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
| NonLinearPatternTS.ts:1:34:1:39 | number | The pattern variable 'number' appears to be a type, but is a variable $@. | NonLinearPatternTS.ts:1:23:1:28 | number | previously bound |
|
||||
| ts-test.ts:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:3:10:3:10 | x | previously bound |
|
||||
| ts-test.ts:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:8:10:8:10 | x | previously bound |
|
||||
| ts-test.ts:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:11:7:11:7 | x | previously bound |
|
||||
| ts-test.ts:21:8:21:13 | string | The pattern variable 'string' appears to be a type, but is a variable $@. | ts-test.ts:20:8:20:13 | string | previously bound |
|
||||
| ts-test.ts:32:16:32:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound |
|
||||
| ts-test.ts:34:20:34:20 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:30:12:30:12 | x | previously bound |
|
||||
| ts-test.ts:40:27:40:32 | string | Repeated binding of pattern variable 'string' $@. | ts-test.ts:40:16:40:21 | string | previously bound |
|
||||
| tst.js:3:13:3:13 | x | Repeated binding of pattern variable 'x' $@. | tst.js:3:10:3:10 | x | previously bound |
|
||||
| tst.js:8:16:8:16 | x | Repeated binding of pattern variable 'x' $@. | tst.js:8:10:8:10 | x | previously bound |
|
||||
| tst.js:11:10:11:10 | x | Repeated binding of pattern variable 'x' $@. | tst.js:11:7:11:7 | x | previously bound |
|
||||
out| NonLinearPatternTS.ts:1:34:1:39 | number | The pattern variable 'number' appears to be a type, but is a variable $@. | NonLinearPatternTS.ts:1:23:1:28 | number | previously bound |
|
||||
| ts-test.ts:2:13:2:13 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:2:10:2:10 | x | previously bound |
|
||||
| ts-test.ts:6:16:6:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:6:10:6:10 | x | previously bound |
|
||||
| ts-test.ts:8:10:8:10 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:8:7:8:7 | x | previously bound |
|
||||
| ts-test.ts:18:8:18:13 | string | The pattern variable 'string' appears to be a type, but is a variable $@. | ts-test.ts:17:8:17:13 | string | previously bound |
|
||||
| ts-test.ts:29:16:29:16 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:27:12:27:12 | x | previously bound |
|
||||
| ts-test.ts:31:20:31:20 | x | Repeated binding of pattern variable 'x' $@. | ts-test.ts:27:12:27:12 | x | previously bound |
|
||||
| ts-test.ts:37:27:37:32 | string | Repeated binding of pattern variable 'string' $@. | ts-test.ts:37:16:37:21 | string | previously bound |
|
||||
| tst.js:2:13:2:13 | x | Repeated binding of pattern variable 'x' $@. | tst.js:2:10:2:10 | x | previously bound |
|
||||
| tst.js:6:16:6:16 | x | Repeated binding of pattern variable 'x' $@. | tst.js:6:10:6:10 | x | previously bound |
|
||||
| tst.js:8:10:8:10 | x | Repeated binding of pattern variable 'x' $@. | tst.js:8:7:8:7 | x | previously bound |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:2:1:2:3 | (0) | Assignment to property foo of a primitive value with type number. |
|
||||
| tst.js:11:5:11:5 | s | Assignment to a property of a primitive value with type string. |
|
||||
| tst.js:17:3:17:3 | x | Assignment to property y of a primitive value with type number or string. |
|
||||
| tst.js:1:1:1:3 | (0) | Assignment to property foo of a primitive value with type number. |
|
||||
| tst.js:8:5:8:5 | s | Assignment to a property of a primitive value with type string. |
|
||||
| tst.js:13:3:13:3 | x | Assignment to property y of a primitive value with type number or string. |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:15:3:15:12 | set x(v ... OK\\n\\t\\t} | This setter function does not use its parameter $@. | tst.js:15:9:15:9 | v | v |
|
||||
| tst.js:40:3:40:25 | set y(_ ... _x\|0; } | This setter function does not use its parameter $@. | tst.js:40:9:40:10 | _y | _y |
|
||||
| tst.js:15:3:15:12 | set x(v) {\\n\\t\\t} | This setter function does not use its parameter $@. | tst.js:15:9:15:9 | v | v |
|
||||
| tst.js:38:3:38:25 | set y(_ ... _x\|0; } | This setter function does not use its parameter $@. | tst.js:38:9:38:10 | _y | _y |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:15:3:15:16 | return "nope"; | Useless return statement in setter function. |
|
||||
| tst.js:14:3:14:16 | return "nope"; | Useless return statement in setter function. |
|
||||
|
||||
@@ -8,17 +8,17 @@
|
||||
| reflection.js:7:15:7:18 | 1 | Superfluous arguments passed to $@. | reflection.js:1:1:1:23 | functio ... eturn;} | function f0 |
|
||||
| reflection.js:12:18:12:18 | 2 | Superfluous argument passed to $@. | reflection.js:2:1:2:24 | functio ... eturn;} | function f1 |
|
||||
| thisparameter.ts:4:11:4:12 | 45 | Superfluous argument passed to $@. | thisparameter.ts:1:1:1:45 | functio ... eturn;} | function foo |
|
||||
| tst.js:11:3:11:5 | g() | Superfluous argument passed to $@. | tst.js:1:1:4:1 | functio ... x+19;\\n} | function f |
|
||||
| tst.js:33:15:33:18 | 2 | Superfluous arguments passed to $@. | externs.js:34:1:34:27 | functio ... str) {} | function String |
|
||||
| tst.js:37:4:37:5 | 42 | Superfluous argument passed to $@. | tst.js:38:4:38:23 | function() {return;} | anonymous function |
|
||||
| tst.js:46:19:46:20 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat |
|
||||
| tst.js:70:11:70:12 | 42 | Superfluous argument passed to $@. | tst.js:49:2:51:2 | functio ... urn;\\n\\t} | function nonEmpty |
|
||||
| tst.js:75:13:75:14 | 42 | Superfluous argument passed to $@. | tst.js:63:19:63:33 | () => undefined | function emptyArrow |
|
||||
| tst.js:76:31:76:32 | 42 | Superfluous argument passed to $@. | tst.js:64:33:64:32 | () {} | default constructor of class ImplicitEmptyConstructor |
|
||||
| tst.js:77:31:77:32 | 42 | Superfluous argument passed to $@. | tst.js:67:14:68:3 | (){\\n\\t\\t} | constructor of class ExplicitEmptyConstructor |
|
||||
| tst.js:78:20:78:21 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat |
|
||||
| tst.js:114:20:114:21 | 42 | Superfluous argument passed to $@. | tst.js:82:2:86:2 | functio ... \\n\\t\\t}\\n\\t} | function notAPlainThrower1 |
|
||||
| tst.js:115:20:115:21 | 42 | Superfluous argument passed to $@. | tst.js:87:2:90:2 | functio ... .");\\n\\t} | function notAPlainThrower2 |
|
||||
| tst.js:116:20:116:21 | 42 | Superfluous argument passed to $@. | tst.js:91:2:94:2 | functio ... .");\\n\\t} | function notAPlainThrower3 |
|
||||
| tst.js:120:23:120:24 | 87 | Superfluous argument passed to $@. | tst.js:102:2:104:2 | functio ... (p);\\n\\t} | function throwerWithParam |
|
||||
| tst.js:121:18:121:19 | 42 | Superfluous argument passed to $@. | tst.js:105:2:113:2 | functio ... )();\\n\\t} | function throwerIndirect |
|
||||
| tst.js:10:3:10:5 | g() | Superfluous argument passed to $@. | tst.js:1:1:4:1 | functio ... x+19;\\n} | function f |
|
||||
| tst.js:31:15:31:18 | 2 | Superfluous arguments passed to $@. | externs.js:34:1:34:27 | functio ... str) {} | function String |
|
||||
| tst.js:34:4:34:5 | 42 | Superfluous argument passed to $@. | tst.js:35:4:35:23 | function() {return;} | anonymous function |
|
||||
| tst.js:43:19:43:20 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat |
|
||||
| tst.js:67:11:67:12 | 42 | Superfluous argument passed to $@. | tst.js:46:2:48:2 | functio ... urn;\\n\\t} | function nonEmpty |
|
||||
| tst.js:72:13:72:14 | 42 | Superfluous argument passed to $@. | tst.js:60:19:60:33 | () => undefined | function emptyArrow |
|
||||
| tst.js:73:31:73:32 | 42 | Superfluous argument passed to $@. | tst.js:61:33:61:32 | () {} | default constructor of class ImplicitEmptyConstructor |
|
||||
| tst.js:74:31:74:32 | 42 | Superfluous argument passed to $@. | tst.js:64:14:65:3 | (){\\n\\t\\t} | constructor of class ExplicitEmptyConstructor |
|
||||
| tst.js:75:20:75:21 | 10 | Superfluous argument passed to $@. | externs.js:36:1:36:27 | functio ... num) {} | function parseFloat |
|
||||
| tst.js:111:20:111:21 | 42 | Superfluous argument passed to $@. | tst.js:79:2:83:2 | functio ... \\n\\t\\t}\\n\\t} | function notAPlainThrower1 |
|
||||
| tst.js:112:20:112:21 | 42 | Superfluous argument passed to $@. | tst.js:84:2:87:2 | functio ... .");\\n\\t} | function notAPlainThrower2 |
|
||||
| tst.js:113:20:113:21 | 42 | Superfluous argument passed to $@. | tst.js:88:2:91:2 | functio ... .");\\n\\t} | function notAPlainThrower3 |
|
||||
| tst.js:117:23:117:24 | 87 | Superfluous argument passed to $@. | tst.js:99:2:101:2 | functio ... (p);\\n\\t} | function throwerWithParam |
|
||||
| tst.js:118:18:118:19 | 42 | Superfluous argument passed to $@. | tst.js:102:2:110:2 | functio ... )();\\n\\t} | function throwerIndirect |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
| tst.js:5:30:5:45 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:7:21:7:36 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:9:20:9:27 | f.caller | Strict mode code cannot use Function.prototype.caller. |
|
||||
| tst.js:11:17:11:27 | f.arguments | Strict mode code cannot use Function.prototype.arguments. |
|
||||
| tst.js:18:10:18:25 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:31:12:31:21 | foo.caller | Strict mode code cannot use Function.prototype.caller. |
|
||||
| tst.js:31:12:31:21 | foo.caller | Strict mode code cannot use arguments.caller. |
|
||||
| tst.js:4:30:4:45 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:5:21:5:36 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:6:20:6:27 | f.caller | Strict mode code cannot use Function.prototype.caller. |
|
||||
| tst.js:7:17:7:27 | f.arguments | Strict mode code cannot use Function.prototype.arguments. |
|
||||
| tst.js:13:10:13:25 | arguments.callee | Strict mode code cannot use arguments.callee. |
|
||||
| tst.js:25:12:25:21 | foo.caller | Strict mode code cannot use Function.prototype.caller. |
|
||||
| tst.js:25:12:25:21 | foo.caller | Strict mode code cannot use arguments.caller. |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:5:9:5:21 | yield index++ | This yield expression is contained in $@ which is not marked as a generator. | tst.js:1:1:1:8 | function | function idMaker |
|
||||
| tst.js:4:9:4:21 | yield index++ | This yield expression is contained in $@ which is not marked as a generator. | tst.js:1:1:1:8 | function | function idMaker |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
| tst.js:14:10:14:15 | q[i++] | This loop may prevent optimization because its iteration variable is a property. |
|
||||
| tst.js:19:10:19:10 | p | This loop may prevent optimization because its iteration variable is a global variable. |
|
||||
| tst.js:24:10:24:14 | var p | This loop may prevent optimization because its iteration variable is captured. |
|
||||
| tst.js:34:14:34:14 | p | This loop may prevent optimization because its iteration variable is captured. |
|
||||
| tst.js:40:10:40:10 | p | This loop may prevent optimization because its iteration variable is a global variable. |
|
||||
| tst.js:13:10:13:15 | q[i++] | This loop may prevent optimization because its iteration variable is a property. |
|
||||
| tst.js:17:10:17:10 | p | This loop may prevent optimization because its iteration variable is a global variable. |
|
||||
| tst.js:21:10:21:14 | var p | This loop may prevent optimization because its iteration variable is captured. |
|
||||
| tst.js:30:14:30:14 | p | This loop may prevent optimization because its iteration variable is captured. |
|
||||
| tst.js:35:10:35:10 | p | This loop may prevent optimization because its iteration variable is a global variable. |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:2:18:2:22 | start | This parameter $@, which may prevent optimization because the surrounding function uses the arguments object. | tst.js:4:9:4:13 | start | is reassigned |
|
||||
| tst.js:1:18:1:22 | start | This parameter $@, which may prevent optimization because the surrounding function uses the arguments object. | tst.js:3:9:3:13 | start | is reassigned |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:4:17:4:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in a $@. | tst.js:4:11:4:14 | (a+) | this capture group | tst.js:4:8:4:16 | (?!(a+)b) | negative lookahead assertion |
|
||||
| tst.js:3:17:3:18 | \\2 | This back reference always matches the empty string, since it refers to $@, which is contained in a $@. | tst.js:3:11:3:14 | (a+) | this capture group | tst.js:3:8:3:16 | (?!(a+)b) | negative lookahead assertion |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
| tst.js:4:2:4:3 | \\1 | There is no capture group 1 in this regular expression. |
|
||||
| tst.js:8:13:8:14 | \\1 | There is no capture group 1 in this regular expression. |
|
||||
| tst.js:15:16:15:17 | \\2 | There is no capture group 2 in this regular expression. |
|
||||
| tst.js:16:16:16:29 | \\k<whitespace> | There is no capture group named 'whitespace' in this regular expression. |
|
||||
| tst.js:3:2:3:3 | \\1 | There is no capture group 1 in this regular expression. |
|
||||
| tst.js:6:13:6:14 | \\1 | There is no capture group 1 in this regular expression. |
|
||||
| tst.js:12:16:12:17 | \\2 | There is no capture group 2 in this regular expression. |
|
||||
| tst.js:13:16:13:29 | \\k<whitespace> | There is no capture group named 'whitespace' in this regular expression. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:2:4:2:4 | ^ | This assertion can never match. |
|
||||
| tst.js:11:5:11:5 | ^ | This assertion can never match. |
|
||||
| tst.js:20:5:20:5 | ^ | This assertion can never match. |
|
||||
| tst.js:1:4:1:4 | ^ | This assertion can never match. |
|
||||
| tst.js:9:5:9:5 | ^ | This assertion can never match. |
|
||||
| tst.js:16:5:16:5 | ^ | This assertion can never match. |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
| tst.js:2:10:2:10 | $ | This assertion can never match. |
|
||||
| tst.js:11:3:11:3 | $ | This assertion can never match. |
|
||||
| tst.js:20:3:20:3 | $ | This assertion can never match. |
|
||||
| tst.js:38:6:38:6 | $ | This assertion can never match. |
|
||||
| tst.js:1:10:1:10 | $ | This assertion can never match. |
|
||||
| tst.js:9:3:9:3 | $ | This assertion can never match. |
|
||||
| tst.js:16:3:16:3 | $ | This assertion can never match. |
|
||||
| tst.js:33:6:33:6 | $ | This assertion can never match. |
|
||||
|
||||
@@ -4,159 +4,159 @@ nodes
|
||||
| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query |
|
||||
| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path |
|
||||
| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url |
|
||||
| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) |
|
||||
| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path |
|
||||
| TaintedPath-es6.js:9:26:9:45 | join("public", path) | semmle.label | join("public", path) |
|
||||
| TaintedPath-es6.js:9:41:9:44 | path | semmle.label | path |
|
||||
| TaintedPath.js:9:7:9:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:12:29:12:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path |
|
||||
| TaintedPath.js:15:45:15:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:18:33:18:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:21:33:21:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:24:33:24:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:33:31:33:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:38:3:38:44 | path | semmle.label | path |
|
||||
| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:42:48:42:51 | path | semmle.label | path |
|
||||
| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) |
|
||||
| TaintedPath.js:46:45:46:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) |
|
||||
| TaintedPath.js:48:51:48:54 | path | semmle.label | path |
|
||||
| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:50:50:50:53 | path | semmle.label | path |
|
||||
| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) |
|
||||
| TaintedPath.js:52:52:52:55 | path | semmle.label | path |
|
||||
| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) |
|
||||
| TaintedPath.js:54:49:54:52 | path | semmle.label | path |
|
||||
| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:56:48:56:51 | path | semmle.label | path |
|
||||
| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) |
|
||||
| TaintedPath.js:58:54:58:57 | path | semmle.label | path |
|
||||
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) |
|
||||
| TaintedPath.js:60:57:60:60 | path | semmle.label | path |
|
||||
| TaintedPath.js:65:31:65:70 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:65:31:65:76 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:65:63:65:69 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:66:31:66:68 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:66:31:66:74 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:66:61:66:67 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:67:31:67:67 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:67:31:67:73 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:67:60:67:66 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:75:48:75:60 | req.params[0] | semmle.label | req.params[0] |
|
||||
| TaintedPath.js:84:6:84:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:84:13:84:36 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:84:13:84:42 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:84:13:84:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:84:23:84:29 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) |
|
||||
| TaintedPath.js:86:44:86:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:87:14:87:17 | path | semmle.label | path |
|
||||
| TaintedPath.js:88:32:88:39 | realpath | semmle.label | realpath |
|
||||
| TaintedPath.js:89:45:89:52 | realpath | semmle.label | realpath |
|
||||
| TaintedPath.js:120:6:120:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:120:13:120:36 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:120:13:120:42 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:120:13:120:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:120:23:120:29 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:122:23:122:26 | path | semmle.label | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:128:19:128:22 | path | semmle.label | path |
|
||||
| TaintedPath.js:130:7:130:29 | split | semmle.label | split |
|
||||
| TaintedPath.js:130:15:130:18 | path | semmle.label | path |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | semmle.label | path.split("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") | semmle.label | split.join("/") |
|
||||
| TaintedPath.js:136:19:136:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] | semmle.label | split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] | semmle.label | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | semmle.label | split |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | semmle.label | split[x] |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | semmle.label | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | semmle.label | prefix.concat(split) |
|
||||
| TaintedPath.js:139:33:139:37 | split | semmle.label | split |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | semmle.label | concatted |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") | semmle.label | concatted.join("/") |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | semmle.label | concatted2 |
|
||||
| TaintedPath.js:142:20:142:24 | split | semmle.label | split |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | semmle.label | split.concat(prefix) |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | semmle.label | concatted2 |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") | semmle.label | concatted2.join("/") |
|
||||
| TaintedPath.js:145:19:145:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:145:19:145:29 | split.pop() | semmle.label | split.pop() |
|
||||
| TaintedPath.js:150:7:150:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:150:14:150:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:150:14:150:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:150:14:150:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:150:24:150:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:154:29:154:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:160:29:160:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:161:29:161:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:162:29:162:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:163:29:163:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') |
|
||||
| TaintedPath.js:178:40:178:43 | path | semmle.label | path |
|
||||
| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') |
|
||||
| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') |
|
||||
| TaintedPath.js:179:50:179:53 | path | semmle.label | path |
|
||||
| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) |
|
||||
| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo |
|
||||
| TaintedPath.js:187:38:187:44 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) |
|
||||
| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo |
|
||||
| TaintedPath.js:188:38:188:58 | normali ... eq.url) | semmle.label | normali ... eq.url) |
|
||||
| TaintedPath.js:188:51:188:57 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) |
|
||||
| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo |
|
||||
| TaintedPath.js:190:44:190:50 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:195:7:195:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:195:14:195:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:195:14:195:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:195:14:195:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:195:24:195:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:196:31:196:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:197:45:197:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:198:35:198:38 | path | semmle.label | path |
|
||||
| TaintedPath.js:202:7:202:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:202:14:202:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:202:14:202:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:202:14:202:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:202:24:202:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:206:29:206:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:206:29:206:85 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| TaintedPath.js:211:7:211:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:213:29:213:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:213:29:213:68 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| TaintedPath.js:216:31:216:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:216:31:216:69 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| TaintedPath.js:11:29:11:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:13:29:13:48 | "/home/user/" + path | semmle.label | "/home/user/" + path |
|
||||
| TaintedPath.js:13:45:13:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:16:33:16:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:19:33:19:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:22:33:22:36 | path | semmle.label | path |
|
||||
| TaintedPath.js:31:31:31:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:36:3:36:44 | path | semmle.label | path |
|
||||
| TaintedPath.js:36:10:36:33 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:36:10:36:39 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:36:10:36:44 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:36:20:36:26 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:39:48:39:51 | path | semmle.label | path |
|
||||
| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) |
|
||||
| TaintedPath.js:42:45:42:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) |
|
||||
| TaintedPath.js:43:51:43:54 | path | semmle.label | path |
|
||||
| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:44:50:44:53 | path | semmle.label | path |
|
||||
| TaintedPath.js:45:29:45:56 | pathMod ... , path) | semmle.label | pathMod ... , path) |
|
||||
| TaintedPath.js:45:52:45:55 | path | semmle.label | path |
|
||||
| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) |
|
||||
| TaintedPath.js:46:49:46:52 | path | semmle.label | path |
|
||||
| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:47:48:47:51 | path | semmle.label | path |
|
||||
| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) |
|
||||
| TaintedPath.js:48:54:48:57 | path | semmle.label | path |
|
||||
| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) |
|
||||
| TaintedPath.js:49:57:49:60 | path | semmle.label | path |
|
||||
| TaintedPath.js:54:31:54:70 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:54:31:54:76 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:54:63:54:69 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:55:31:55:68 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:55:31:55:74 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:55:61:55:67 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:56:31:56:67 | require ... eq.url) | semmle.label | require ... eq.url) |
|
||||
| TaintedPath.js:56:31:56:73 | require ... ).query | semmle.label | require ... ).query |
|
||||
| TaintedPath.js:56:60:56:66 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:64:48:64:60 | req.params[0] | semmle.label | req.params[0] |
|
||||
| TaintedPath.js:73:6:73:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:73:13:73:36 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:73:13:73:42 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:73:13:73:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:73:23:73:29 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:75:28:75:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) |
|
||||
| TaintedPath.js:75:44:75:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:76:14:76:17 | path | semmle.label | path |
|
||||
| TaintedPath.js:77:32:77:39 | realpath | semmle.label | realpath |
|
||||
| TaintedPath.js:78:45:78:52 | realpath | semmle.label | realpath |
|
||||
| TaintedPath.js:109:6:109:47 | path | semmle.label | path |
|
||||
| TaintedPath.js:109:13:109:36 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:109:13:109:42 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:109:13:109:47 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:109:23:109:29 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:111:23:111:26 | path | semmle.label | path |
|
||||
| TaintedPath.js:115:7:115:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:115:14:115:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:115:14:115:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:115:14:115:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:115:24:115:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:117:19:117:22 | path | semmle.label | path |
|
||||
| TaintedPath.js:119:7:119:29 | split | semmle.label | split |
|
||||
| TaintedPath.js:119:15:119:18 | path | semmle.label | path |
|
||||
| TaintedPath.js:119:15:119:29 | path.split("/") | semmle.label | path.split("/") |
|
||||
| TaintedPath.js:121:19:121:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:121:19:121:33 | split.join("/") | semmle.label | split.join("/") |
|
||||
| TaintedPath.js:125:19:125:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:125:19:125:26 | split[x] | semmle.label | split[x] |
|
||||
| TaintedPath.js:126:19:126:35 | prefix + split[x] | semmle.label | prefix + split[x] |
|
||||
| TaintedPath.js:126:28:126:32 | split | semmle.label | split |
|
||||
| TaintedPath.js:126:28:126:35 | split[x] | semmle.label | split[x] |
|
||||
| TaintedPath.js:128:7:128:38 | concatted | semmle.label | concatted |
|
||||
| TaintedPath.js:128:19:128:38 | prefix.concat(split) | semmle.label | prefix.concat(split) |
|
||||
| TaintedPath.js:128:33:128:37 | split | semmle.label | split |
|
||||
| TaintedPath.js:129:19:129:27 | concatted | semmle.label | concatted |
|
||||
| TaintedPath.js:129:19:129:37 | concatted.join("/") | semmle.label | concatted.join("/") |
|
||||
| TaintedPath.js:131:7:131:39 | concatted2 | semmle.label | concatted2 |
|
||||
| TaintedPath.js:131:20:131:24 | split | semmle.label | split |
|
||||
| TaintedPath.js:131:20:131:39 | split.concat(prefix) | semmle.label | split.concat(prefix) |
|
||||
| TaintedPath.js:132:19:132:28 | concatted2 | semmle.label | concatted2 |
|
||||
| TaintedPath.js:132:19:132:38 | concatted2.join("/") | semmle.label | concatted2.join("/") |
|
||||
| TaintedPath.js:134:19:134:23 | split | semmle.label | split |
|
||||
| TaintedPath.js:134:19:134:29 | split.pop() | semmle.label | split.pop() |
|
||||
| TaintedPath.js:139:7:139:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:139:14:139:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:139:14:139:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:139:14:139:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:139:24:139:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:143:29:143:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:149:29:149:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:150:29:150:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:151:29:151:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:152:29:152:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') |
|
||||
| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') |
|
||||
| TaintedPath.js:167:40:167:43 | path | semmle.label | path |
|
||||
| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') |
|
||||
| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) |
|
||||
| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') |
|
||||
| TaintedPath.js:168:50:168:53 | path | semmle.label | path |
|
||||
| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) |
|
||||
| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo |
|
||||
| TaintedPath.js:176:38:176:44 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) |
|
||||
| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo |
|
||||
| TaintedPath.js:177:38:177:58 | normali ... eq.url) | semmle.label | normali ... eq.url) |
|
||||
| TaintedPath.js:177:51:177:57 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) |
|
||||
| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo |
|
||||
| TaintedPath.js:179:44:179:50 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:184:7:184:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:184:14:184:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:184:14:184:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:184:14:184:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:184:24:184:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:185:31:185:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:186:45:186:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:187:35:187:38 | path | semmle.label | path |
|
||||
| TaintedPath.js:191:7:191:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:191:14:191:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:191:14:191:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:191:14:191:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:191:24:191:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:195:29:195:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:195:29:195:85 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| TaintedPath.js:200:7:200:48 | path | semmle.label | path |
|
||||
| TaintedPath.js:200:14:200:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| TaintedPath.js:200:14:200:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| TaintedPath.js:200:14:200:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| TaintedPath.js:200:24:200:30 | req.url | semmle.label | req.url |
|
||||
| TaintedPath.js:202:29:202:32 | path | semmle.label | path |
|
||||
| TaintedPath.js:202:29:202:68 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| TaintedPath.js:205:31:205:34 | path | semmle.label | path |
|
||||
| TaintedPath.js:205:31:205:69 | path.re ... '), '') | semmle.label | path.re ... '), '') |
|
||||
| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath |
|
||||
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url |
|
||||
| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath |
|
||||
| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath |
|
||||
| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | semmle.label | ROOT + filePath |
|
||||
| examples/TaintedPath.js:10:36:10:43 | filePath | semmle.label | filePath |
|
||||
| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar |
|
||||
| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath |
|
||||
| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath |
|
||||
@@ -440,22 +440,22 @@ nodes
|
||||
| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] |
|
||||
| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path |
|
||||
| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-require.js:6:19:6:37 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-require.js:11:29:11:47 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-require.js:13:11:13:29 | req.param("module") | semmle.label | req.param("module") |
|
||||
| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | semmle.label | req.param("gimme") |
|
||||
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") |
|
||||
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") |
|
||||
| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") |
|
||||
| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) |
|
||||
| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) |
|
||||
| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:30:16:30:33 | req.param("gimme") | semmle.label | req.param("gimme") |
|
||||
| tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | semmle.label | homeDir ... arams.x |
|
||||
| tainted-sendFile.js:33:37:33:48 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) |
|
||||
| tainted-sendFile.js:35:34:35:45 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:38:43:38:58 | req.param("dir") | semmle.label | req.param("dir") |
|
||||
| tainted-sendFile.js:15:43:15:58 | req.param("dir") | semmle.label | req.param("dir") |
|
||||
| tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) |
|
||||
| tainted-sendFile.js:21:37:21:48 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) |
|
||||
| tainted-sendFile.js:22:34:22:45 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:27:16:27:33 | req.param("gimme") | semmle.label | req.param("gimme") |
|
||||
| tainted-sendFile.js:30:16:30:48 | homeDir ... arams.x | semmle.label | homeDir ... arams.x |
|
||||
| tainted-sendFile.js:30:37:30:48 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:32:16:32:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) |
|
||||
| tainted-sendFile.js:32:34:32:45 | req.params.x | semmle.label | req.params.x |
|
||||
| tainted-sendFile.js:35:43:35:58 | req.param("dir") | semmle.label | req.param("dir") |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path |
|
||||
| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
@@ -504,158 +504,158 @@ nodes
|
||||
| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query |
|
||||
| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path |
|
||||
| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url |
|
||||
| typescript.ts:12:29:12:32 | path | semmle.label | path |
|
||||
| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 |
|
||||
| typescript.ts:20:15:20:18 | path | semmle.label | path |
|
||||
| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 |
|
||||
| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 |
|
||||
| typescript.ts:23:15:23:18 | path | semmle.label | path |
|
||||
| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 |
|
||||
| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 |
|
||||
| typescript.ts:30:15:30:18 | path | semmle.label | path |
|
||||
| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 |
|
||||
| typescript.ts:11:29:11:32 | path | semmle.label | path |
|
||||
| typescript.ts:19:7:19:18 | path3 | semmle.label | path3 |
|
||||
| typescript.ts:19:15:19:18 | path | semmle.label | path |
|
||||
| typescript.ts:20:39:20:43 | path3 | semmle.label | path3 |
|
||||
| typescript.ts:22:7:22:18 | path4 | semmle.label | path4 |
|
||||
| typescript.ts:22:15:22:18 | path | semmle.label | path |
|
||||
| typescript.ts:23:39:23:43 | path4 | semmle.label | path4 |
|
||||
| typescript.ts:29:7:29:18 | path6 | semmle.label | path6 |
|
||||
| typescript.ts:29:15:29:18 | path | semmle.label | path |
|
||||
| typescript.ts:31:29:31:33 | path6 | semmle.label | path6 |
|
||||
| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] |
|
||||
edges
|
||||
| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | |
|
||||
| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:9:41:9:44 | path | provenance | |
|
||||
| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config |
|
||||
| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config |
|
||||
| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | |
|
||||
| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config |
|
||||
| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | |
|
||||
| TaintedPath-es6.js:9:41:9:44 | path | TaintedPath-es6.js:9:26:9:45 | join("public", path) | provenance | Config |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:11:29:11:32 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:13:45:13:48 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:16:33:16:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:19:33:19:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:22:33:22:36 | path | provenance | |
|
||||
| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:31:31:31:34 | path | provenance | |
|
||||
| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | |
|
||||
| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | |
|
||||
| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | |
|
||||
| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | |
|
||||
| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config |
|
||||
| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config |
|
||||
| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | provenance | Config |
|
||||
| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config |
|
||||
| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config |
|
||||
| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config |
|
||||
| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | provenance | |
|
||||
| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | provenance | |
|
||||
| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | provenance | |
|
||||
| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | provenance | Config |
|
||||
| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | provenance | Config |
|
||||
| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | provenance | |
|
||||
| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | provenance | |
|
||||
| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | provenance | |
|
||||
| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | provenance | |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | provenance | |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | provenance | |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | provenance | |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | provenance | |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | provenance | |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | provenance | |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | provenance | |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | provenance | |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | provenance | Config |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | provenance | |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | provenance | Config |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | provenance | Config |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | provenance | Config |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | provenance | Config |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | provenance | |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | provenance | |
|
||||
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | provenance | Config |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | provenance | Config |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | provenance | |
|
||||
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | provenance | Config |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | provenance | |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | provenance | Config |
|
||||
| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | provenance | Config |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | provenance | |
|
||||
| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | provenance | |
|
||||
| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | provenance | |
|
||||
| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | provenance | Config |
|
||||
| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | provenance | Config |
|
||||
| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | provenance | Config |
|
||||
| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | provenance | Config |
|
||||
| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | provenance | Config |
|
||||
| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | provenance | |
|
||||
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | provenance | |
|
||||
| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | provenance | |
|
||||
| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | provenance | |
|
||||
| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | provenance | |
|
||||
| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | provenance | |
|
||||
| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | provenance | Config |
|
||||
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | provenance | |
|
||||
| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | provenance | |
|
||||
| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | |
|
||||
| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | provenance | Config |
|
||||
| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | provenance | Config |
|
||||
| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | |
|
||||
| TaintedPath.js:13:45:13:48 | path | TaintedPath.js:13:29:13:48 | "/home/user/" + path | provenance | Config |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:39:48:39:51 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:42:45:42:48 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:43:51:43:54 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:44:50:44:53 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:45:52:45:55 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:46:49:46:52 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:47:48:47:51 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:48:54:48:57 | path | provenance | |
|
||||
| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:49:57:49:60 | path | provenance | |
|
||||
| TaintedPath.js:36:10:36:33 | url.par ... , true) | TaintedPath.js:36:10:36:39 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:36:10:36:39 | url.par ... ).query | TaintedPath.js:36:10:36:44 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:36:10:36:44 | url.par ... ry.path | TaintedPath.js:36:3:36:44 | path | provenance | |
|
||||
| TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:36:10:36:33 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:39:48:39:51 | path | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:42:45:42:48 | path | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | provenance | Config |
|
||||
| TaintedPath.js:43:51:43:54 | path | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | provenance | Config |
|
||||
| TaintedPath.js:44:50:44:53 | path | TaintedPath.js:44:29:44:54 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:45:52:45:55 | path | TaintedPath.js:45:29:45:56 | pathMod ... , path) | provenance | Config |
|
||||
| TaintedPath.js:46:49:46:52 | path | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | provenance | Config |
|
||||
| TaintedPath.js:47:48:47:51 | path | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:48:54:48:57 | path | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | provenance | Config |
|
||||
| TaintedPath.js:49:57:49:60 | path | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | provenance | Config |
|
||||
| TaintedPath.js:54:31:54:70 | require ... eq.url) | TaintedPath.js:54:31:54:76 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:70 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:55:31:55:68 | require ... eq.url) | TaintedPath.js:55:31:55:74 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:68 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:56:31:56:67 | require ... eq.url) | TaintedPath.js:56:31:56:73 | require ... ).query | provenance | Config |
|
||||
| TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:67 | require ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:75:44:75:47 | path | provenance | |
|
||||
| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:76:14:76:17 | path | provenance | |
|
||||
| TaintedPath.js:73:13:73:36 | url.par ... , true) | TaintedPath.js:73:13:73:42 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:73:13:73:42 | url.par ... ).query | TaintedPath.js:73:13:73:47 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:73:13:73:47 | url.par ... ry.path | TaintedPath.js:73:6:73:47 | path | provenance | |
|
||||
| TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:73:13:73:36 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:75:44:75:47 | path | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | provenance | Config |
|
||||
| TaintedPath.js:76:14:76:17 | path | TaintedPath.js:77:32:77:39 | realpath | provenance | Config |
|
||||
| TaintedPath.js:77:32:77:39 | realpath | TaintedPath.js:78:45:78:52 | realpath | provenance | |
|
||||
| TaintedPath.js:109:6:109:47 | path | TaintedPath.js:111:23:111:26 | path | provenance | |
|
||||
| TaintedPath.js:109:13:109:36 | url.par ... , true) | TaintedPath.js:109:13:109:42 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:109:13:109:42 | url.par ... ).query | TaintedPath.js:109:13:109:47 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:109:13:109:47 | url.par ... ry.path | TaintedPath.js:109:6:109:47 | path | provenance | |
|
||||
| TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:109:13:109:36 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:117:19:117:22 | path | provenance | |
|
||||
| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:119:15:119:18 | path | provenance | |
|
||||
| TaintedPath.js:115:14:115:37 | url.par ... , true) | TaintedPath.js:115:14:115:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:115:14:115:43 | url.par ... ).query | TaintedPath.js:115:14:115:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:115:14:115:48 | url.par ... ry.path | TaintedPath.js:115:7:115:48 | path | provenance | |
|
||||
| TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:115:14:115:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:121:19:121:23 | split | provenance | |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:125:19:125:23 | split | provenance | |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:126:28:126:32 | split | provenance | |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:128:33:128:37 | split | provenance | |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:131:20:131:24 | split | provenance | |
|
||||
| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:134:19:134:23 | split | provenance | |
|
||||
| TaintedPath.js:119:15:119:18 | path | TaintedPath.js:119:15:119:29 | path.split("/") | provenance | Config |
|
||||
| TaintedPath.js:119:15:119:29 | path.split("/") | TaintedPath.js:119:7:119:29 | split | provenance | |
|
||||
| TaintedPath.js:121:19:121:23 | split | TaintedPath.js:121:19:121:33 | split.join("/") | provenance | Config |
|
||||
| TaintedPath.js:125:19:125:23 | split | TaintedPath.js:125:19:125:26 | split[x] | provenance | Config |
|
||||
| TaintedPath.js:126:28:126:32 | split | TaintedPath.js:126:28:126:35 | split[x] | provenance | Config |
|
||||
| TaintedPath.js:126:28:126:35 | split[x] | TaintedPath.js:126:19:126:35 | prefix + split[x] | provenance | Config |
|
||||
| TaintedPath.js:128:7:128:38 | concatted | TaintedPath.js:129:19:129:27 | concatted | provenance | |
|
||||
| TaintedPath.js:128:19:128:38 | prefix.concat(split) | TaintedPath.js:128:7:128:38 | concatted | provenance | |
|
||||
| TaintedPath.js:128:33:128:37 | split | TaintedPath.js:128:19:128:38 | prefix.concat(split) | provenance | Config |
|
||||
| TaintedPath.js:129:19:129:27 | concatted | TaintedPath.js:129:19:129:37 | concatted.join("/") | provenance | Config |
|
||||
| TaintedPath.js:131:7:131:39 | concatted2 | TaintedPath.js:132:19:132:28 | concatted2 | provenance | |
|
||||
| TaintedPath.js:131:20:131:24 | split | TaintedPath.js:131:20:131:39 | split.concat(prefix) | provenance | Config |
|
||||
| TaintedPath.js:131:20:131:39 | split.concat(prefix) | TaintedPath.js:131:7:131:39 | concatted2 | provenance | |
|
||||
| TaintedPath.js:132:19:132:28 | concatted2 | TaintedPath.js:132:19:132:38 | concatted2.join("/") | provenance | Config |
|
||||
| TaintedPath.js:134:19:134:23 | split | TaintedPath.js:134:19:134:29 | split.pop() | provenance | Config |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:143:29:143:32 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:149:29:149:32 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:150:29:150:32 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:151:29:151:32 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:152:29:152:32 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:167:40:167:43 | path | provenance | |
|
||||
| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:168:50:168:53 | path | provenance | |
|
||||
| TaintedPath.js:139:14:139:37 | url.par ... , true) | TaintedPath.js:139:14:139:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:139:14:139:43 | url.par ... ).query | TaintedPath.js:139:14:139:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:139:14:139:48 | url.par ... ry.path | TaintedPath.js:139:7:139:48 | path | provenance | |
|
||||
| TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:139:14:139:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:143:29:143:32 | path | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:149:29:149:32 | path | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:150:29:150:32 | path | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:151:29:151:32 | path | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:152:29:152:32 | path | TaintedPath.js:152:29:152:57 | path.re ... /g, '') | provenance | Config |
|
||||
| TaintedPath.js:167:40:167:43 | path | TaintedPath.js:167:40:167:73 | path.re ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | provenance | Config |
|
||||
| TaintedPath.js:168:50:168:53 | path | TaintedPath.js:168:29:168:54 | pathMod ... e(path) | provenance | Config |
|
||||
| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | provenance | Config |
|
||||
| TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:45 | qs.parse(req.url) | provenance | Config |
|
||||
| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | provenance | Config |
|
||||
| TaintedPath.js:177:38:177:58 | normali ... eq.url) | TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | provenance | Config |
|
||||
| TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:38:177:58 | normali ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | provenance | Config |
|
||||
| TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | provenance | Config |
|
||||
| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:185:31:185:34 | path | provenance | |
|
||||
| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:186:45:186:48 | path | provenance | |
|
||||
| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:187:35:187:38 | path | provenance | |
|
||||
| TaintedPath.js:184:14:184:37 | url.par ... , true) | TaintedPath.js:184:14:184:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:184:14:184:43 | url.par ... ).query | TaintedPath.js:184:14:184:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:184:14:184:48 | url.par ... ry.path | TaintedPath.js:184:7:184:48 | path | provenance | |
|
||||
| TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:184:14:184:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:191:7:191:48 | path | TaintedPath.js:195:29:195:32 | path | provenance | |
|
||||
| TaintedPath.js:191:14:191:37 | url.par ... , true) | TaintedPath.js:191:14:191:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:191:14:191:43 | url.par ... ).query | TaintedPath.js:191:14:191:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:191:14:191:48 | url.par ... ry.path | TaintedPath.js:191:7:191:48 | path | provenance | |
|
||||
| TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:191:14:191:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:195:29:195:32 | path | TaintedPath.js:195:29:195:85 | path.re ... '), '') | provenance | Config |
|
||||
| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:202:29:202:32 | path | provenance | |
|
||||
| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:205:31:205:34 | path | provenance | |
|
||||
| TaintedPath.js:200:14:200:37 | url.par ... , true) | TaintedPath.js:200:14:200:43 | url.par ... ).query | provenance | Config |
|
||||
| TaintedPath.js:200:14:200:43 | url.par ... ).query | TaintedPath.js:200:14:200:48 | url.par ... ry.path | provenance | Config |
|
||||
| TaintedPath.js:200:14:200:48 | url.par ... ry.path | TaintedPath.js:200:7:200:48 | path | provenance | |
|
||||
| TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:200:14:200:37 | url.par ... , true) | provenance | Config |
|
||||
| TaintedPath.js:202:29:202:32 | path | TaintedPath.js:202:29:202:68 | path.re ... '), '') | provenance | Config |
|
||||
| TaintedPath.js:205:31:205:34 | path | TaintedPath.js:205:31:205:69 | path.re ... '), '') | provenance | Config |
|
||||
| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:10:36:10:43 | filePath | provenance | |
|
||||
| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config |
|
||||
| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config |
|
||||
| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | |
|
||||
| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config |
|
||||
| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config |
|
||||
| examples/TaintedPath.js:10:36:10:43 | filePath | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | provenance | Config |
|
||||
| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | |
|
||||
| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | |
|
||||
| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | |
|
||||
@@ -899,10 +899,10 @@ edges
|
||||
| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | |
|
||||
| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | |
|
||||
| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | |
|
||||
| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config |
|
||||
| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config |
|
||||
| tainted-sendFile.js:33:37:33:48 | req.params.x | tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | provenance | Config |
|
||||
| tainted-sendFile.js:35:34:35:45 | req.params.x | tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | provenance | Config |
|
||||
| tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | provenance | Config |
|
||||
| tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | provenance | Config |
|
||||
| tainted-sendFile.js:30:37:30:48 | req.params.x | tainted-sendFile.js:30:16:30:48 | homeDir ... arams.x | provenance | Config |
|
||||
| tainted-sendFile.js:32:34:32:45 | req.params.x | tainted-sendFile.js:32:16:32:46 | path.jo ... rams.x) | provenance | Config |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | |
|
||||
@@ -944,69 +944,69 @@ edges
|
||||
| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | |
|
||||
| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | |
|
||||
| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | provenance | Config |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:11:29:11:32 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:19:15:19:18 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:22:15:22:18 | path | provenance | |
|
||||
| typescript.ts:9:7:9:48 | path | typescript.ts:29:15:29:18 | path | provenance | |
|
||||
| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config |
|
||||
| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config |
|
||||
| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | |
|
||||
| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | provenance | Config |
|
||||
| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | |
|
||||
| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | |
|
||||
| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | |
|
||||
| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | |
|
||||
| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | |
|
||||
| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | |
|
||||
| typescript.ts:19:7:19:18 | path3 | typescript.ts:20:39:20:43 | path3 | provenance | |
|
||||
| typescript.ts:19:15:19:18 | path | typescript.ts:19:7:19:18 | path3 | provenance | |
|
||||
| typescript.ts:22:7:22:18 | path4 | typescript.ts:23:39:23:43 | path4 | provenance | |
|
||||
| typescript.ts:22:15:22:18 | path | typescript.ts:22:7:22:18 | path4 | provenance | |
|
||||
| typescript.ts:29:7:29:18 | path6 | typescript.ts:31:29:31:33 | path6 | provenance | |
|
||||
| typescript.ts:29:15:29:18 | path | typescript.ts:29:7:29:18 | path6 | provenance | |
|
||||
subpaths
|
||||
#select
|
||||
| TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:15:29:15:48 | "/home/user/" + path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:18:33:18:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:18:33:18:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:21:33:21:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:21:33:21:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:24:33:24:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:24:33:24:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:33:31:33:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:33:31:33:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:52:29:52:56 | pathMod ... , path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:65:31:65:76 | require ... ).query | TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:65:63:65:69 | req.url | user-provided value |
|
||||
| TaintedPath.js:66:31:66:74 | require ... ).query | TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:66:61:66:67 | req.url | user-provided value |
|
||||
| TaintedPath.js:67:31:67:73 | require ... ).query | TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:67:60:67:66 | req.url | user-provided value |
|
||||
| TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:75:48:75:60 | req.params[0] | user-provided value |
|
||||
| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:89:45:89:52 | realpath | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:89:45:89:52 | realpath | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:122:23:122:26 | path | TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:122:23:122:26 | path | This path depends on a $@. | TaintedPath.js:120:23:120:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:128:19:128:22 | path | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:128:19:128:22 | path | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:132:19:132:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:136:19:136:26 | split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:137:19:137:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:140:19:140:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:143:19:143:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:145:19:145:29 | split.pop() | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:145:19:145:29 | split.pop() | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:187:38:187:44 | req.url | user-provided value |
|
||||
| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:188:51:188:57 | req.url | user-provided value |
|
||||
| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:190:44:190:50 | req.url | user-provided value |
|
||||
| TaintedPath.js:196:31:196:34 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:196:31:196:34 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:197:45:197:48 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:197:45:197:48 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:198:35:198:38 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:198:35:198:38 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:206:29:206:85 | path.re ... '), '') | TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:206:29:206:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:202:24:202:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:213:29:213:68 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:29:213:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:216:31:216:69 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:216:31:216:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value |
|
||||
| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value |
|
||||
| TaintedPath-es6.js:9:26:9:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:9:26:9:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:11:29:11:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:11:29:11:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:13:29:13:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:13:29:13:48 | "/home/user/" + path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:16:33:16:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:16:33:16:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:19:33:19:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:19:33:19:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:22:33:22:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:22:33:22:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:31:31:31:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:31:31:31:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:44:29:44:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:45:29:45:56 | pathMod ... , path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:45:29:45:56 | pathMod ... , path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value |
|
||||
| TaintedPath.js:54:31:54:76 | require ... ).query | TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:54:63:54:69 | req.url | user-provided value |
|
||||
| TaintedPath.js:55:31:55:74 | require ... ).query | TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:55:61:55:67 | req.url | user-provided value |
|
||||
| TaintedPath.js:56:31:56:73 | require ... ).query | TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:56:60:56:66 | req.url | user-provided value |
|
||||
| TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:64:48:64:60 | req.params[0] | user-provided value |
|
||||
| TaintedPath.js:75:28:75:48 | fs.real ... c(path) | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:78:45:78:52 | realpath | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:78:45:78:52 | realpath | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:111:23:111:26 | path | TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:111:23:111:26 | path | This path depends on a $@. | TaintedPath.js:109:23:109:29 | req.url | user-provided value |
|
||||
| TaintedPath.js:117:19:117:22 | path | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:117:19:117:22 | path | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:121:19:121:33 | split.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:121:19:121:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:125:19:125:26 | split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:125:19:125:26 | split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:126:19:126:35 | prefix + split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:126:19:126:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:129:19:129:37 | concatted.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:129:19:129:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:132:19:132:38 | concatted2.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:132:19:132:38 | concatted2.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:134:19:134:29 | split.pop() | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:134:19:134:29 | split.pop() | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:152:29:152:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:176:38:176:44 | req.url | user-provided value |
|
||||
| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:177:51:177:57 | req.url | user-provided value |
|
||||
| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:179:44:179:50 | req.url | user-provided value |
|
||||
| TaintedPath.js:185:31:185:34 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:185:31:185:34 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:186:45:186:48 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:186:45:186:48 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:187:35:187:38 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:187:35:187:38 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:195:29:195:85 | path.re ... '), '') | TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:195:29:195:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:191:24:191:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:202:29:202:68 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:202:29:202:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value |
|
||||
| TaintedPath.js:205:31:205:69 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:205:31:205:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value |
|
||||
| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value |
|
||||
| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value |
|
||||
| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value |
|
||||
| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value |
|
||||
@@ -1114,18 +1114,18 @@ subpaths
|
||||
| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value |
|
||||
| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value |
|
||||
| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value |
|
||||
| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. | tainted-require.js:14:11:14:29 | req.param("module") | user-provided value |
|
||||
| tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | This path depends on a $@. | tainted-require.js:6:19:6:37 | req.param("module") | user-provided value |
|
||||
| tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | This path depends on a $@. | tainted-require.js:11:29:11:47 | req.param("module") | user-provided value |
|
||||
| tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | This path depends on a $@. | tainted-require.js:13:11:13:29 | req.param("module") | user-provided value |
|
||||
| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | user-provided value |
|
||||
| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value |
|
||||
| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | user-provided value |
|
||||
| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | user-provided value |
|
||||
| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:30:16:30:33 | req.param("gimme") | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:30:16:30:33 | req.param("gimme") | user-provided value |
|
||||
| tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | tainted-sendFile.js:33:37:33:48 | req.params.x | tainted-sendFile.js:33:16:33:48 | homeDir ... arams.x | This path depends on a $@. | tainted-sendFile.js:33:37:33:48 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | tainted-sendFile.js:35:34:35:45 | req.params.x | tainted-sendFile.js:35:16:35:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:35:34:35:45 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:38:43:38:58 | req.param("dir") | tainted-sendFile.js:38:43:38:58 | req.param("dir") | tainted-sendFile.js:38:43:38:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:38:43:38:58 | req.param("dir") | user-provided value |
|
||||
| tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:15:43:15:58 | req.param("dir") | user-provided value |
|
||||
| tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:21:37:21:48 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:22:34:22:45 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:27:16:27:33 | req.param("gimme") | tainted-sendFile.js:27:16:27:33 | req.param("gimme") | tainted-sendFile.js:27:16:27:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:27:16:27:33 | req.param("gimme") | user-provided value |
|
||||
| tainted-sendFile.js:30:16:30:48 | homeDir ... arams.x | tainted-sendFile.js:30:37:30:48 | req.params.x | tainted-sendFile.js:30:16:30:48 | homeDir ... arams.x | This path depends on a $@. | tainted-sendFile.js:30:37:30:48 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:32:16:32:46 | path.jo ... rams.x) | tainted-sendFile.js:32:34:32:45 | req.params.x | tainted-sendFile.js:32:16:32:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:32:34:32:45 | req.params.x | user-provided value |
|
||||
| tainted-sendFile.js:35:43:35:58 | req.param("dir") | tainted-sendFile.js:35:43:35:58 | req.param("dir") | tainted-sendFile.js:35:43:35:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:35:43:35:58 | req.param("dir") | user-provided value |
|
||||
| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
@@ -1141,8 +1141,8 @@ subpaths
|
||||
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value |
|
||||
| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... t).name | user-provided value |
|
||||
| typescript.ts:12:29:12:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:12:29:12:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:21:39:21:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:21:39:21:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:24:39:24:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:24:39:24:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:32:29:32:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:32:29:32:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:11:29:11:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:11:29:11:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:20:39:20:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:20:39:20:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:23:39:23:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:23:39:23:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| typescript.ts:31:29:31:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:31:29:31:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value |
|
||||
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value |
|
||||
|
||||
@@ -78,7 +78,7 @@ options
|
||||
| uselesscat.js:86:1:86:75 | execFil ... utf8'}) | uselesscat.js:86:57:86:74 | {encoding: 'utf8'} |
|
||||
| uselesscat.js:100:1:100:56 | execFil ... ptions) | uselesscat.js:100:42:100:55 | unknownOptions |
|
||||
| uselesscat.js:111:1:111:51 | spawn(' ... it'] }) | uselesscat.js:111:14:111:50 | { stdio ... rit'] } |
|
||||
| uselesscat.js:136:17:138:2 | execSyn ... tf8'\\n}) | uselesscat.js:136:51:138:1 | { // NO ... utf8'\\n} |
|
||||
| uselesscat.js:136:17:138:2 | execSyn ... tf8'\\n}) | uselesscat.js:136:51:138:1 | { // $ ... utf8'\\n} |
|
||||
| uselesscat.js:147:1:147:47 | shelljs ... utf8'}) | uselesscat.js:147:29:147:46 | {encoding: 'utf8'} |
|
||||
| uselesscat.js:151:1:151:48 | cspawn( ... tf8' }) | uselesscat.js:151:28:151:47 | { encoding: 'utf8' } |
|
||||
| uselesscat.js:156:1:156:35 | cspawn( ... tf8' }) | uselesscat.js:156:15:156:34 | { encoding: 'utf8' } |
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -152,7 +152,7 @@ nodes
|
||||
| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml |
|
||||
| event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | semmle.label | '<h2><a ... ></h2>' |
|
||||
| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href |
|
||||
| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:6:15:6:33 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| jquery.js:2:7:2:40 | tainted | semmle.label | tainted |
|
||||
| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search |
|
||||
| jquery.js:4:5:4:11 | tainted | semmle.label | tainted |
|
||||
@@ -202,8 +202,8 @@ nodes
|
||||
| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| jwt-server.js:9:16:9:20 | taint | semmle.label | taint |
|
||||
| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded |
|
||||
| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded |
|
||||
| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo |
|
||||
| jwt-server.js:10:19:10:25 | decoded | semmle.label | decoded |
|
||||
| jwt-server.js:10:19:10:29 | decoded.foo | semmle.label | decoded.foo |
|
||||
| jwt.js:4:36:4:39 | data | semmle.label | data |
|
||||
| jwt.js:5:9:5:34 | decoded | semmle.label | decoded |
|
||||
| jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) |
|
||||
@@ -348,9 +348,9 @@ nodes
|
||||
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams |
|
||||
| translate.js:9:27:9:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') |
|
||||
| translate.js:8:27:8:38 | searchParams | semmle.label | searchParams |
|
||||
| translate.js:8:27:8:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| translate.js:8:27:8:50 | searchP ... 'term') | semmle.label | searchP ... 'term') |
|
||||
| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x |
|
||||
| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x |
|
||||
| trusted-types.js:3:62:3:62 | x | semmle.label | x |
|
||||
@@ -373,240 +373,240 @@ nodes
|
||||
| tst3.js:10:38:10:43 | data.p | semmle.label | data.p |
|
||||
| tst.js:2:7:2:39 | target | semmle.label | target |
|
||||
| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:5:18:5:23 | target | semmle.label | target |
|
||||
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" | semmle.label | "<OPTIO ... PTION>" |
|
||||
| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:12:5:12:42 | '<div s ... 'px">' | semmle.label | '<div s ... 'px">' |
|
||||
| tst.js:12:28:12:33 | target | semmle.label | target |
|
||||
| tst.js:17:7:17:56 | params | semmle.label | params |
|
||||
| tst.js:17:7:17:56 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] |
|
||||
| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] |
|
||||
| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams |
|
||||
| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] |
|
||||
| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
|
||||
| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
|
||||
| tst.js:17:25:17:41 | document.location | semmle.label | document.location |
|
||||
| tst.js:18:18:18:23 | params | semmle.label | params |
|
||||
| tst.js:18:18:18:23 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') |
|
||||
| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams |
|
||||
| tst.js:20:7:20:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) |
|
||||
| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] |
|
||||
| tst.js:20:42:20:47 | target | semmle.label | target |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams |
|
||||
| tst.js:21:18:21:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') |
|
||||
| tst.js:24:14:24:19 | target | semmle.label | target |
|
||||
| tst.js:26:18:26:23 | target | semmle.label | target |
|
||||
| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:34:16:34:20 | bar() | semmle.label | bar() |
|
||||
| tst.js:36:14:36:14 | x | semmle.label | x |
|
||||
| tst.js:37:10:37:10 | x | semmle.label | x |
|
||||
| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) |
|
||||
| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:42:15:42:15 | s | semmle.label | s |
|
||||
| tst.js:42:15:42:15 | s | semmle.label | s |
|
||||
| tst.js:43:10:43:31 | "<div>" ... </div>" | semmle.label | "<div>" ... </div>" |
|
||||
| tst.js:43:20:43:20 | s | semmle.label | s |
|
||||
| tst.js:43:20:43:20 | s | semmle.label | s |
|
||||
| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) |
|
||||
| tst.js:4:18:4:23 | target | semmle.label | target |
|
||||
| tst.js:6:18:6:126 | "<OPTIO ... PTION>" | semmle.label | "<OPTIO ... PTION>" |
|
||||
| tst.js:6:37:6:58 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:9:5:9:42 | '<div s ... 'px">' | semmle.label | '<div s ... 'px">' |
|
||||
| tst.js:9:28:9:33 | target | semmle.label | target |
|
||||
| tst.js:14:7:14:56 | params | semmle.label | params |
|
||||
| tst.js:14:7:14:56 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] |
|
||||
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] |
|
||||
| tst.js:14:16:14:56 | (new UR ... hParams | semmle.label | (new UR ... hParams |
|
||||
| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] |
|
||||
| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
|
||||
| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
|
||||
| tst.js:14:25:14:41 | document.location | semmle.label | document.location |
|
||||
| tst.js:15:18:15:23 | params | semmle.label | params |
|
||||
| tst.js:15:18:15:23 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:15:18:15:35 | params.get('name') | semmle.label | params.get('name') |
|
||||
| tst.js:17:7:17:61 | searchParams | semmle.label | searchParams |
|
||||
| tst.js:17:7:17:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| tst.js:17:22:17:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) |
|
||||
| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] |
|
||||
| tst.js:17:42:17:47 | target | semmle.label | target |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
|
||||
| tst.js:18:18:18:29 | searchParams | semmle.label | searchParams |
|
||||
| tst.js:18:18:18:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
|
||||
| tst.js:18:18:18:41 | searchP ... 'name') | semmle.label | searchP ... 'name') |
|
||||
| tst.js:21:14:21:19 | target | semmle.label | target |
|
||||
| tst.js:22:18:22:23 | target | semmle.label | target |
|
||||
| tst.js:24:5:24:28 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:27:10:27:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:29:16:29:20 | bar() | semmle.label | bar() |
|
||||
| tst.js:31:14:31:14 | x | semmle.label | x |
|
||||
| tst.js:32:10:32:10 | x | semmle.label | x |
|
||||
| tst.js:34:16:34:44 | baz(doc ... search) | semmle.label | baz(doc ... search) |
|
||||
| tst.js:34:20:34:43 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:36:15:36:15 | s | semmle.label | s |
|
||||
| tst.js:36:15:36:15 | s | semmle.label | s |
|
||||
| tst.js:37:10:37:31 | "<div>" ... </div>" | semmle.label | "<div>" ... </div>" |
|
||||
| tst.js:37:20:37:20 | s | semmle.label | s |
|
||||
| tst.js:37:20:37:20 | s | semmle.label | s |
|
||||
| tst.js:39:16:39:45 | wrap(do ... search) | semmle.label | wrap(do ... search) |
|
||||
| tst.js:39:21:39:44 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:41:15:41:15 | s | semmle.label | s |
|
||||
| tst.js:43:12:43:12 | s | semmle.label | s |
|
||||
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:46:16:46:45 | chop(do ... search) | semmle.label | chop(do ... search) |
|
||||
| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:48:15:48:15 | s | semmle.label | s |
|
||||
| tst.js:50:12:50:12 | s | semmle.label | s |
|
||||
| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) |
|
||||
| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) |
|
||||
| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) |
|
||||
| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) |
|
||||
| tst.js:58:26:58:30 | bar() | semmle.label | bar() |
|
||||
| tst.js:60:34:60:34 | s | semmle.label | s |
|
||||
| tst.js:62:18:62:18 | s | semmle.label | s |
|
||||
| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:68:16:68:20 | bar() | semmle.label | bar() |
|
||||
| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] |
|
||||
| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:70:46:70:46 | x | semmle.label | x |
|
||||
| tst.js:73:20:73:20 | x | semmle.label | x |
|
||||
| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:107:7:107:44 | v | semmle.label | v |
|
||||
| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
|
||||
| tst.js:110:18:110:18 | v | semmle.label | v |
|
||||
| tst.js:136:18:136:18 | v | semmle.label | v |
|
||||
| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search |
|
||||
| tst.js:151:29:151:29 | v | semmle.label | v |
|
||||
| tst.js:151:49:151:49 | v | semmle.label | v |
|
||||
| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() |
|
||||
| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search |
|
||||
| tst.js:177:9:177:41 | target | semmle.label | target |
|
||||
| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:180:28:180:33 | target | semmle.label | target |
|
||||
| tst.js:184:9:184:42 | tainted | semmle.label | tainted |
|
||||
| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:186:31:186:37 | tainted | semmle.label | tainted |
|
||||
| tst.js:188:42:188:48 | tainted | semmle.label | tainted |
|
||||
| tst.js:189:33:189:39 | tainted | semmle.label | tainted |
|
||||
| tst.js:191:54:191:60 | tainted | semmle.label | tainted |
|
||||
| tst.js:192:45:192:51 | tainted | semmle.label | tainted |
|
||||
| tst.js:193:49:193:55 | tainted | semmle.label | tainted |
|
||||
| tst.js:197:9:197:42 | tainted | semmle.label | tainted |
|
||||
| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:199:67:199:73 | tainted | semmle.label | tainted |
|
||||
| tst.js:200:67:200:73 | tainted | semmle.label | tainted |
|
||||
| tst.js:204:35:204:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:206:46:206:52 | tainted | semmle.label | tainted |
|
||||
| tst.js:207:38:207:44 | tainted | semmle.label | tainted |
|
||||
| tst.js:208:35:208:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 |
|
||||
| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 |
|
||||
| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 |
|
||||
| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 |
|
||||
| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 |
|
||||
| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 |
|
||||
| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 |
|
||||
| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 |
|
||||
| tst.js:236:35:236:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:238:20:238:26 | tainted | semmle.label | tainted |
|
||||
| tst.js:240:23:240:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:241:23:241:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted |
|
||||
| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... Tainted |
|
||||
| tst.js:255:23:255:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:259:7:259:17 | window.name | semmle.label | window.name |
|
||||
| tst.js:260:7:260:10 | name | semmle.label | name |
|
||||
| tst.js:264:11:264:21 | window.name | semmle.label | window.name |
|
||||
| tst.js:280:22:280:29 | location | semmle.label | location |
|
||||
| tst.js:285:9:285:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:285:19:285:29 | window.name | semmle.label | window.name |
|
||||
| tst.js:288:59:288:65 | tainted | semmle.label | tainted |
|
||||
| tst.js:301:9:301:16 | location | semmle.label | location |
|
||||
| tst.js:302:10:302:10 | e | semmle.label | e |
|
||||
| tst.js:303:20:303:20 | e | semmle.label | e |
|
||||
| tst.js:308:10:308:17 | location | semmle.label | location |
|
||||
| tst.js:310:10:310:10 | e | semmle.label | e |
|
||||
| tst.js:311:20:311:20 | e | semmle.label | e |
|
||||
| tst.js:316:35:316:42 | location | semmle.label | location |
|
||||
| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
|
||||
| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
|
||||
| tst.js:327:18:327:34 | document.location | semmle.label | document.location |
|
||||
| tst.js:331:7:331:43 | params | semmle.label | params |
|
||||
| tst.js:331:7:331:43 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] |
|
||||
| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] |
|
||||
| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams |
|
||||
| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] |
|
||||
| tst.js:332:18:332:23 | params | semmle.label | params |
|
||||
| tst.js:332:18:332:23 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') |
|
||||
| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] |
|
||||
| tst.js:341:20:341:36 | document.location | semmle.label | document.location |
|
||||
| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] |
|
||||
| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash |
|
||||
| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) |
|
||||
| tst.js:348:7:348:39 | target | semmle.label | target |
|
||||
| tst.js:348:16:348:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:349:12:349:17 | target | semmle.label | target |
|
||||
| tst.js:355:10:355:42 | target | semmle.label | target |
|
||||
| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:356:16:356:21 | target | semmle.label | target |
|
||||
| tst.js:357:20:357:25 | target | semmle.label | target |
|
||||
| tst.js:360:21:360:26 | target | semmle.label | target |
|
||||
| tst.js:363:18:363:23 | target | semmle.label | target |
|
||||
| tst.js:371:7:371:39 | target | semmle.label | target |
|
||||
| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:374:18:374:23 | target | semmle.label | target |
|
||||
| tst.js:381:7:381:39 | target | semmle.label | target |
|
||||
| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:384:18:384:23 | target | semmle.label | target |
|
||||
| tst.js:386:18:386:23 | target | semmle.label | target |
|
||||
| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint |
|
||||
| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] |
|
||||
| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] |
|
||||
| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 |
|
||||
| tst.js:397:18:397:23 | target | semmle.label | target |
|
||||
| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 |
|
||||
| tst.js:406:18:406:23 | target | semmle.label | target |
|
||||
| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 |
|
||||
| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] |
|
||||
| tst.js:408:19:408:24 | target | semmle.label | target |
|
||||
| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] |
|
||||
| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 |
|
||||
| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] |
|
||||
| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 |
|
||||
| tst.js:416:7:416:46 | payload | semmle.label | payload |
|
||||
| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) |
|
||||
| tst.js:417:18:417:24 | payload | semmle.label | payload |
|
||||
| tst.js:419:7:419:55 | match | semmle.label | match |
|
||||
| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) |
|
||||
| tst.js:421:20:421:24 | match | semmle.label | match |
|
||||
| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] |
|
||||
| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] |
|
||||
| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
|
||||
| tst.js:428:7:428:39 | target | semmle.label | target |
|
||||
| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:430:18:430:23 | target | semmle.label | target |
|
||||
| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') |
|
||||
| tst.js:436:6:436:38 | source | semmle.label | source |
|
||||
| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:440:28:440:33 | source | semmle.label | source |
|
||||
| tst.js:441:33:441:38 | source | semmle.label | source |
|
||||
| tst.js:442:34:442:39 | source | semmle.label | source |
|
||||
| tst.js:443:41:443:46 | source | semmle.label | source |
|
||||
| tst.js:444:44:444:49 | source | semmle.label | source |
|
||||
| tst.js:445:32:445:37 | source | semmle.label | source |
|
||||
| tst.js:453:7:453:39 | source | semmle.label | source |
|
||||
| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:455:18:455:23 | source | semmle.label | source |
|
||||
| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) |
|
||||
| tst.js:456:36:456:41 | source | semmle.label | source |
|
||||
| tst.js:460:6:460:38 | source | semmle.label | source |
|
||||
| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:463:21:463:26 | source | semmle.label | source |
|
||||
| tst.js:465:19:465:24 | source | semmle.label | source |
|
||||
| tst.js:467:20:467:25 | source | semmle.label | source |
|
||||
| tst.js:471:7:471:46 | url | semmle.label | url |
|
||||
| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
|
||||
| tst.js:473:19:473:21 | url | semmle.label | url |
|
||||
| tst.js:474:26:474:28 | url | semmle.label | url |
|
||||
| tst.js:475:25:475:27 | url | semmle.label | url |
|
||||
| tst.js:476:20:476:22 | url | semmle.label | url |
|
||||
| tst.js:486:22:486:24 | url | semmle.label | url |
|
||||
| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash |
|
||||
| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
|
||||
| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash |
|
||||
| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
|
||||
| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) |
|
||||
| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:508:7:508:39 | target | semmle.label | target |
|
||||
| tst.js:508:16:508:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:509:18:509:23 | target | semmle.label | target |
|
||||
| tst.js:509:18:509:54 | target. ... "), '') | semmle.label | target. ... "), '') |
|
||||
| tst.js:47:16:47:45 | chop(do ... search) | semmle.label | chop(do ... search) |
|
||||
| tst.js:47:21:47:44 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:48:16:48:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) |
|
||||
| tst.js:48:26:48:30 | bar() | semmle.label | bar() |
|
||||
| tst.js:50:34:50:34 | s | semmle.label | s |
|
||||
| tst.js:51:18:51:18 | s | semmle.label | s |
|
||||
| tst.js:53:25:53:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:54:25:54:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:56:16:56:20 | bar() | semmle.label | bar() |
|
||||
| tst.js:58:1:58:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] |
|
||||
| tst.js:58:3:58:26 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:58:46:58:46 | x | semmle.label | x |
|
||||
| tst.js:60:20:60:20 | x | semmle.label | x |
|
||||
| tst.js:63:49:63:72 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:67:26:67:49 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:68:25:68:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:70:33:70:56 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:71:32:71:55 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:76:39:76:62 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:82:30:82:53 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:88:25:88:48 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:93:7:93:44 | v | semmle.label | v |
|
||||
| tst.js:93:11:93:34 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:93:11:93:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
|
||||
| tst.js:95:18:95:18 | v | semmle.label | v |
|
||||
| tst.js:120:18:120:18 | v | semmle.label | v |
|
||||
| tst.js:132:29:132:50 | window. ... .search | semmle.label | window. ... .search |
|
||||
| tst.js:135:29:135:29 | v | semmle.label | v |
|
||||
| tst.js:135:49:135:49 | v | semmle.label | v |
|
||||
| tst.js:139:29:139:46 | xssSourceService() | semmle.label | xssSourceService() |
|
||||
| tst.js:142:40:142:61 | window. ... .search | semmle.label | window. ... .search |
|
||||
| tst.js:161:9:161:41 | target | semmle.label | target |
|
||||
| tst.js:161:18:161:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:164:28:164:33 | target | semmle.label | target |
|
||||
| tst.js:168:9:168:42 | tainted | semmle.label | tainted |
|
||||
| tst.js:168:19:168:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:170:31:170:37 | tainted | semmle.label | tainted |
|
||||
| tst.js:172:42:172:48 | tainted | semmle.label | tainted |
|
||||
| tst.js:173:33:173:39 | tainted | semmle.label | tainted |
|
||||
| tst.js:175:54:175:60 | tainted | semmle.label | tainted |
|
||||
| tst.js:176:45:176:51 | tainted | semmle.label | tainted |
|
||||
| tst.js:177:49:177:55 | tainted | semmle.label | tainted |
|
||||
| tst.js:181:9:181:42 | tainted | semmle.label | tainted |
|
||||
| tst.js:181:19:181:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:183:67:183:73 | tainted | semmle.label | tainted |
|
||||
| tst.js:184:67:184:73 | tainted | semmle.label | tainted |
|
||||
| tst.js:188:35:188:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:190:46:190:52 | tainted | semmle.label | tainted |
|
||||
| tst.js:191:38:191:44 | tainted | semmle.label | tainted |
|
||||
| tst.js:192:35:192:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:196:28:196:46 | this.state.tainted1 | semmle.label | this.state.tainted1 |
|
||||
| tst.js:197:28:197:46 | this.state.tainted2 | semmle.label | this.state.tainted2 |
|
||||
| tst.js:198:28:198:46 | this.state.tainted3 | semmle.label | this.state.tainted3 |
|
||||
| tst.js:202:32:202:49 | prevState.tainted4 | semmle.label | prevState.tainted4 |
|
||||
| tst.js:209:28:209:46 | this.props.tainted1 | semmle.label | this.props.tainted1 |
|
||||
| tst.js:210:28:210:46 | this.props.tainted2 | semmle.label | this.props.tainted2 |
|
||||
| tst.js:211:28:211:46 | this.props.tainted3 | semmle.label | this.props.tainted3 |
|
||||
| tst.js:215:32:215:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 |
|
||||
| tst.js:220:35:220:41 | tainted | semmle.label | tainted |
|
||||
| tst.js:222:20:222:26 | tainted | semmle.label | tainted |
|
||||
| tst.js:224:23:224:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:225:23:225:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:231:39:231:55 | props.propTainted | semmle.label | props.propTainted |
|
||||
| tst.js:235:60:235:82 | this.st ... Tainted | semmle.label | this.st ... Tainted |
|
||||
| tst.js:239:23:239:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:243:7:243:17 | window.name | semmle.label | window.name |
|
||||
| tst.js:244:7:244:10 | name | semmle.label | name |
|
||||
| tst.js:248:11:248:21 | window.name | semmle.label | window.name |
|
||||
| tst.js:264:22:264:29 | location | semmle.label | location |
|
||||
| tst.js:269:9:269:29 | tainted | semmle.label | tainted |
|
||||
| tst.js:269:19:269:29 | window.name | semmle.label | window.name |
|
||||
| tst.js:272:59:272:65 | tainted | semmle.label | tainted |
|
||||
| tst.js:285:9:285:16 | location | semmle.label | location |
|
||||
| tst.js:286:10:286:10 | e | semmle.label | e |
|
||||
| tst.js:287:20:287:20 | e | semmle.label | e |
|
||||
| tst.js:292:10:292:17 | location | semmle.label | location |
|
||||
| tst.js:294:10:294:10 | e | semmle.label | e |
|
||||
| tst.js:295:20:295:20 | e | semmle.label | e |
|
||||
| tst.js:300:35:300:42 | location | semmle.label | location |
|
||||
| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
|
||||
| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
|
||||
| tst.js:311:18:311:34 | document.location | semmle.label | document.location |
|
||||
| tst.js:315:7:315:43 | params | semmle.label | params |
|
||||
| tst.js:315:7:315:43 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] |
|
||||
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] |
|
||||
| tst.js:315:16:315:43 | getTain ... hParams | semmle.label | getTain ... hParams |
|
||||
| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] |
|
||||
| tst.js:316:18:316:23 | params | semmle.label | params |
|
||||
| tst.js:316:18:316:23 | params [MapValue] | semmle.label | params [MapValue] |
|
||||
| tst.js:316:18:316:35 | params.get('name') | semmle.label | params.get('name') |
|
||||
| tst.js:325:12:325:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] |
|
||||
| tst.js:325:20:325:36 | document.location | semmle.label | document.location |
|
||||
| tst.js:327:5:327:12 | getUrl() [hash] | semmle.label | getUrl() [hash] |
|
||||
| tst.js:327:5:327:17 | getUrl().hash | semmle.label | getUrl().hash |
|
||||
| tst.js:327:5:327:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) |
|
||||
| tst.js:332:7:332:39 | target | semmle.label | target |
|
||||
| tst.js:332:16:332:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:333:12:333:17 | target | semmle.label | target |
|
||||
| tst.js:339:10:339:42 | target | semmle.label | target |
|
||||
| tst.js:339:19:339:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:340:16:340:21 | target | semmle.label | target |
|
||||
| tst.js:341:20:341:25 | target | semmle.label | target |
|
||||
| tst.js:344:21:344:26 | target | semmle.label | target |
|
||||
| tst.js:347:18:347:23 | target | semmle.label | target |
|
||||
| tst.js:355:7:355:39 | target | semmle.label | target |
|
||||
| tst.js:355:16:355:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:357:18:357:23 | target | semmle.label | target |
|
||||
| tst.js:364:7:364:39 | target | semmle.label | target |
|
||||
| tst.js:364:16:364:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:367:18:367:23 | target | semmle.label | target |
|
||||
| tst.js:369:18:369:23 | target | semmle.label | target |
|
||||
| tst.js:369:18:369:29 | target.taint | semmle.label | target.taint |
|
||||
| tst.js:374:3:374:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] |
|
||||
| tst.js:374:19:374:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:375:18:375:23 | target [taint3] | semmle.label | target [taint3] |
|
||||
| tst.js:375:18:375:30 | target.taint3 | semmle.label | target.taint3 |
|
||||
| tst.js:380:18:380:23 | target | semmle.label | target |
|
||||
| tst.js:380:18:380:30 | target.taint5 | semmle.label | target.taint5 |
|
||||
| tst.js:389:18:389:23 | target | semmle.label | target |
|
||||
| tst.js:389:18:389:30 | target.taint7 | semmle.label | target.taint7 |
|
||||
| tst.js:391:3:391:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] |
|
||||
| tst.js:391:19:391:24 | target | semmle.label | target |
|
||||
| tst.js:391:19:391:24 | target [taint8] | semmle.label | target [taint8] |
|
||||
| tst.js:391:19:391:31 | target.taint8 | semmle.label | target.taint8 |
|
||||
| tst.js:392:18:392:23 | target [taint8] | semmle.label | target [taint8] |
|
||||
| tst.js:392:18:392:30 | target.taint8 | semmle.label | target.taint8 |
|
||||
| tst.js:399:7:399:46 | payload | semmle.label | payload |
|
||||
| tst.js:399:17:399:36 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:399:17:399:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) |
|
||||
| tst.js:400:18:400:24 | payload | semmle.label | payload |
|
||||
| tst.js:402:7:402:55 | match | semmle.label | match |
|
||||
| tst.js:402:15:402:34 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:402:15:402:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) |
|
||||
| tst.js:404:20:404:24 | match | semmle.label | match |
|
||||
| tst.js:404:20:404:27 | match[1] | semmle.label | match[1] |
|
||||
| tst.js:407:18:407:37 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:407:18:407:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] |
|
||||
| tst.js:407:18:407:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
|
||||
| tst.js:411:7:411:39 | target | semmle.label | target |
|
||||
| tst.js:411:16:411:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:413:18:413:23 | target | semmle.label | target |
|
||||
| tst.js:413:18:413:89 | target. ... data>') | semmle.label | target. ... data>') |
|
||||
| tst.js:419:6:419:38 | source | semmle.label | source |
|
||||
| tst.js:419:15:419:38 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:423:28:423:33 | source | semmle.label | source |
|
||||
| tst.js:424:33:424:38 | source | semmle.label | source |
|
||||
| tst.js:425:34:425:39 | source | semmle.label | source |
|
||||
| tst.js:426:41:426:46 | source | semmle.label | source |
|
||||
| tst.js:427:44:427:49 | source | semmle.label | source |
|
||||
| tst.js:428:32:428:37 | source | semmle.label | source |
|
||||
| tst.js:436:7:436:39 | source | semmle.label | source |
|
||||
| tst.js:436:16:436:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:438:18:438:23 | source | semmle.label | source |
|
||||
| tst.js:439:18:439:42 | ansiToH ... source) | semmle.label | ansiToH ... source) |
|
||||
| tst.js:439:36:439:41 | source | semmle.label | source |
|
||||
| tst.js:443:6:443:38 | source | semmle.label | source |
|
||||
| tst.js:443:15:443:38 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:446:21:446:26 | source | semmle.label | source |
|
||||
| tst.js:448:19:448:24 | source | semmle.label | source |
|
||||
| tst.js:450:20:450:25 | source | semmle.label | source |
|
||||
| tst.js:454:7:454:46 | url | semmle.label | url |
|
||||
| tst.js:454:13:454:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:454:13:454:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
|
||||
| tst.js:456:19:456:21 | url | semmle.label | url |
|
||||
| tst.js:457:26:457:28 | url | semmle.label | url |
|
||||
| tst.js:458:25:458:27 | url | semmle.label | url |
|
||||
| tst.js:459:20:459:22 | url | semmle.label | url |
|
||||
| tst.js:469:22:469:24 | url | semmle.label | url |
|
||||
| tst.js:474:23:474:35 | location.hash | semmle.label | location.hash |
|
||||
| tst.js:474:23:474:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
|
||||
| tst.js:477:18:477:30 | location.hash | semmle.label | location.hash |
|
||||
| tst.js:477:18:477:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
|
||||
| tst.js:484:33:484:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) |
|
||||
| tst.js:484:43:484:62 | window.location.hash | semmle.label | window.location.hash |
|
||||
| tst.js:491:7:491:39 | target | semmle.label | target |
|
||||
| tst.js:491:16:491:39 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:492:18:492:23 | target | semmle.label | target |
|
||||
| tst.js:492:18:492:54 | target. ... "), '') | semmle.label | target. ... "), '') |
|
||||
| typeahead.js:9:28:9:30 | loc | semmle.label | loc |
|
||||
| typeahead.js:10:16:10:18 | loc | semmle.label | loc |
|
||||
| typeahead.js:20:13:20:45 | target | semmle.label | target |
|
||||
@@ -831,8 +831,8 @@ edges
|
||||
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | |
|
||||
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | |
|
||||
| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | |
|
||||
| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | |
|
||||
| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | |
|
||||
| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:10:19:10:25 | decoded | provenance | |
|
||||
| jwt-server.js:10:19:10:25 | decoded | jwt-server.js:10:19:10:29 | decoded.foo | provenance | |
|
||||
| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | |
|
||||
| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | |
|
||||
| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | |
|
||||
@@ -943,8 +943,8 @@ edges
|
||||
| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | |
|
||||
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | |
|
||||
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | |
|
||||
| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | |
|
||||
| translate.js:7:7:7:61 | searchParams [MapValue] | translate.js:9:27:9:38 | searchParams [MapValue] | provenance | |
|
||||
| translate.js:7:7:7:61 | searchParams | translate.js:8:27:8:38 | searchParams | provenance | |
|
||||
| translate.js:7:7:7:61 | searchParams [MapValue] | translate.js:8:27:8:38 | searchParams [MapValue] | provenance | |
|
||||
| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | |
|
||||
| translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | translate.js:7:7:7:61 | searchParams [MapValue] | provenance | |
|
||||
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | |
|
||||
@@ -954,8 +954,8 @@ edges
|
||||
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config |
|
||||
| translate.js:9:27:9:38 | searchParams [MapValue] | translate.js:9:27:9:50 | searchP ... 'term') | provenance | |
|
||||
| translate.js:8:27:8:38 | searchParams | translate.js:8:27:8:50 | searchP ... 'term') | provenance | Config |
|
||||
| translate.js:8:27:8:38 | searchParams [MapValue] | translate.js:8:27:8:50 | searchP ... 'term') | provenance | |
|
||||
| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | |
|
||||
| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | |
|
||||
| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | |
|
||||
@@ -973,217 +973,217 @@ edges
|
||||
| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | |
|
||||
| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | |
|
||||
| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:4:18:4:23 | target | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:9:28:9:33 | target | provenance | |
|
||||
| tst.js:2:7:2:39 | target | tst.js:17:42:17:47 | target | provenance | |
|
||||
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | |
|
||||
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config |
|
||||
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | provenance | |
|
||||
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | provenance | |
|
||||
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" | provenance | Config |
|
||||
| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '<div s ... 'px">' | provenance | Config |
|
||||
| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | |
|
||||
| tst.js:17:7:17:56 | params [MapValue] | tst.js:18:18:18:23 | params [MapValue] | provenance | |
|
||||
| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | provenance | |
|
||||
| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | |
|
||||
| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | |
|
||||
| tst.js:17:16:17:56 | (new UR ... hParams [MapValue] | tst.js:17:7:17:56 | params [MapValue] | provenance | |
|
||||
| tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | |
|
||||
| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | |
|
||||
| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config |
|
||||
| tst.js:18:18:18:23 | params [MapValue] | tst.js:18:18:18:35 | params.get('name') | provenance | |
|
||||
| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | |
|
||||
| tst.js:20:7:20:61 | searchParams [MapValue] | tst.js:21:18:21:29 | searchParams [MapValue] | provenance | |
|
||||
| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | |
|
||||
| tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | tst.js:20:7:20:61 | searchParams [MapValue] | provenance | |
|
||||
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | |
|
||||
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config |
|
||||
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config |
|
||||
| tst.js:21:18:21:29 | searchParams [MapValue] | tst.js:21:18:21:41 | searchP ... 'name') | provenance | |
|
||||
| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | |
|
||||
| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | |
|
||||
| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | |
|
||||
| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | |
|
||||
| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | |
|
||||
| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | |
|
||||
| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | |
|
||||
| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | provenance | |
|
||||
| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | |
|
||||
| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | |
|
||||
| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | provenance | |
|
||||
| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | provenance | |
|
||||
| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | provenance | Config |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config |
|
||||
| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | |
|
||||
| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | |
|
||||
| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config |
|
||||
| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config |
|
||||
| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | |
|
||||
| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | |
|
||||
| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config |
|
||||
| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | |
|
||||
| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
|
||||
| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
|
||||
| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | |
|
||||
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | |
|
||||
| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | |
|
||||
| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | |
|
||||
| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | |
|
||||
| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | |
|
||||
| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config |
|
||||
| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | |
|
||||
| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | |
|
||||
| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | |
|
||||
| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | |
|
||||
| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | |
|
||||
| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | |
|
||||
| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | |
|
||||
| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | |
|
||||
| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
|
||||
| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | |
|
||||
| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | |
|
||||
| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | |
|
||||
| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | |
|
||||
| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | |
|
||||
| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | |
|
||||
| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | |
|
||||
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | |
|
||||
| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | |
|
||||
| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | |
|
||||
| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | |
|
||||
| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | |
|
||||
| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | |
|
||||
| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | |
|
||||
| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | |
|
||||
| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | |
|
||||
| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | |
|
||||
| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | |
|
||||
| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
|
||||
| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | |
|
||||
| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | |
|
||||
| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | |
|
||||
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | |
|
||||
| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | |
|
||||
| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | |
|
||||
| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | |
|
||||
| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | |
|
||||
| tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | provenance | |
|
||||
| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | |
|
||||
| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | |
|
||||
| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | |
|
||||
| tst.js:331:7:331:43 | params [MapValue] | tst.js:332:18:332:23 | params [MapValue] | provenance | |
|
||||
| tst.js:331:16:331:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:331:16:331:43 | getTain ... hParams [MapValue] | provenance | |
|
||||
| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | |
|
||||
| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | |
|
||||
| tst.js:331:16:331:43 | getTain ... hParams [MapValue] | tst.js:331:7:331:43 | params [MapValue] | provenance | |
|
||||
| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config |
|
||||
| tst.js:332:18:332:23 | params [MapValue] | tst.js:332:18:332:35 | params.get('name') | provenance | |
|
||||
| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | |
|
||||
| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | |
|
||||
| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | |
|
||||
| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config |
|
||||
| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | |
|
||||
| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | |
|
||||
| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | |
|
||||
| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | |
|
||||
| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | |
|
||||
| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | |
|
||||
| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | |
|
||||
| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | |
|
||||
| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | |
|
||||
| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | |
|
||||
| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | |
|
||||
| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | |
|
||||
| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | |
|
||||
| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | |
|
||||
| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | |
|
||||
| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | |
|
||||
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | |
|
||||
| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | |
|
||||
| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | |
|
||||
| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | |
|
||||
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | |
|
||||
| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | |
|
||||
| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | |
|
||||
| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | |
|
||||
| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | |
|
||||
| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | |
|
||||
| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | |
|
||||
| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | |
|
||||
| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | |
|
||||
| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | |
|
||||
| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config |
|
||||
| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | |
|
||||
| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | |
|
||||
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | |
|
||||
| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | |
|
||||
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | |
|
||||
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config |
|
||||
| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
|
||||
| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
|
||||
| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
|
||||
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | |
|
||||
| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | |
|
||||
| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | |
|
||||
| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | |
|
||||
| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | |
|
||||
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | |
|
||||
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | |
|
||||
| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | |
|
||||
| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | |
|
||||
| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | |
|
||||
| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | |
|
||||
| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | |
|
||||
| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | |
|
||||
| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | |
|
||||
| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | |
|
||||
| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | |
|
||||
| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config |
|
||||
| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | |
|
||||
| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config |
|
||||
| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config |
|
||||
| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | |
|
||||
| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | provenance | |
|
||||
| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | provenance | |
|
||||
| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | provenance | |
|
||||
| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | Config |
|
||||
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | |
|
||||
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | |
|
||||
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | Config |
|
||||
| tst.js:9:28:9:33 | target | tst.js:9:5:9:42 | '<div s ... 'px">' | provenance | Config |
|
||||
| tst.js:14:7:14:56 | params | tst.js:15:18:15:23 | params | provenance | |
|
||||
| tst.js:14:7:14:56 | params [MapValue] | tst.js:15:18:15:23 | params [MapValue] | provenance | |
|
||||
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | provenance | |
|
||||
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | tst.js:14:16:14:56 | (new UR ... hParams | provenance | |
|
||||
| tst.js:14:16:14:56 | (new UR ... hParams | tst.js:14:7:14:56 | params | provenance | |
|
||||
| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | tst.js:14:7:14:56 | params [MapValue] | provenance | |
|
||||
| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | provenance | |
|
||||
| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams] | provenance | |
|
||||
| tst.js:15:18:15:23 | params | tst.js:15:18:15:35 | params.get('name') | provenance | Config |
|
||||
| tst.js:15:18:15:23 | params [MapValue] | tst.js:15:18:15:35 | params.get('name') | provenance | |
|
||||
| tst.js:17:7:17:61 | searchParams | tst.js:18:18:18:29 | searchParams | provenance | |
|
||||
| tst.js:17:7:17:61 | searchParams [MapValue] | tst.js:18:18:18:29 | searchParams [MapValue] | provenance | |
|
||||
| tst.js:17:22:17:61 | new URL ... ing(1)) | tst.js:17:7:17:61 | searchParams | provenance | |
|
||||
| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | tst.js:17:7:17:61 | searchParams [MapValue] | provenance | |
|
||||
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | |
|
||||
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config |
|
||||
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) | provenance | |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
|
||||
| tst.js:18:18:18:29 | searchParams | tst.js:18:18:18:41 | searchP ... 'name') | provenance | Config |
|
||||
| tst.js:18:18:18:29 | searchParams [MapValue] | tst.js:18:18:18:41 | searchP ... 'name') | provenance | |
|
||||
| tst.js:21:14:21:19 | target | tst.js:22:18:22:23 | target | provenance | |
|
||||
| tst.js:24:5:24:28 | documen ... .search | tst.js:21:14:21:19 | target | provenance | |
|
||||
| tst.js:27:10:27:33 | documen ... .search | tst.js:29:16:29:20 | bar() | provenance | |
|
||||
| tst.js:27:10:27:33 | documen ... .search | tst.js:48:26:48:30 | bar() | provenance | |
|
||||
| tst.js:27:10:27:33 | documen ... .search | tst.js:56:16:56:20 | bar() | provenance | |
|
||||
| tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | provenance | |
|
||||
| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | provenance | |
|
||||
| tst.js:34:20:34:43 | documen ... .search | tst.js:34:16:34:44 | baz(doc ... search) | provenance | |
|
||||
| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | |
|
||||
| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | |
|
||||
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | |
|
||||
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | |
|
||||
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | Config |
|
||||
| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | provenance | |
|
||||
| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | |
|
||||
| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | Config |
|
||||
| tst.js:41:15:41:15 | s | tst.js:43:12:43:12 | s | provenance | |
|
||||
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | |
|
||||
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config |
|
||||
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | Config |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | Config |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | Config |
|
||||
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | provenance | |
|
||||
| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | |
|
||||
| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | Config |
|
||||
| tst.js:50:34:50:34 | s | tst.js:51:18:51:18 | s | provenance | |
|
||||
| tst.js:53:25:53:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | |
|
||||
| tst.js:54:25:54:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | |
|
||||
| tst.js:58:1:58:27 | [,docum ... search] [1] | tst.js:58:46:58:46 | x | provenance | |
|
||||
| tst.js:58:3:58:26 | documen ... .search | tst.js:58:1:58:27 | [,docum ... search] [1] | provenance | |
|
||||
| tst.js:58:46:58:46 | x | tst.js:60:20:60:20 | x | provenance | |
|
||||
| tst.js:93:7:93:44 | v | tst.js:95:18:95:18 | v | provenance | |
|
||||
| tst.js:93:7:93:44 | v | tst.js:120:18:120:18 | v | provenance | |
|
||||
| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | |
|
||||
| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | Config |
|
||||
| tst.js:93:11:93:44 | documen ... bstr(1) | tst.js:93:7:93:44 | v | provenance | |
|
||||
| tst.js:132:29:132:50 | window. ... .search | tst.js:135:29:135:29 | v | provenance | |
|
||||
| tst.js:135:29:135:29 | v | tst.js:135:49:135:49 | v | provenance | |
|
||||
| tst.js:142:40:142:61 | window. ... .search | tst.js:139:29:139:46 | xssSourceService() | provenance | |
|
||||
| tst.js:161:9:161:41 | target | tst.js:164:28:164:33 | target | provenance | |
|
||||
| tst.js:161:18:161:41 | documen ... .search | tst.js:161:9:161:41 | target | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:170:31:170:37 | tainted | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:172:42:172:48 | tainted | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:173:33:173:39 | tainted | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:175:54:175:60 | tainted | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:176:45:176:51 | tainted | provenance | |
|
||||
| tst.js:168:9:168:42 | tainted | tst.js:177:49:177:55 | tainted | provenance | |
|
||||
| tst.js:168:19:168:42 | documen ... .search | tst.js:168:9:168:42 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:183:67:183:73 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:184:67:184:73 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:220:35:220:41 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:222:20:222:26 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:224:23:224:29 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:225:23:225:29 | tainted | provenance | |
|
||||
| tst.js:181:9:181:42 | tainted | tst.js:239:23:239:29 | tainted | provenance | |
|
||||
| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted | provenance | |
|
||||
| tst.js:183:67:183:73 | tainted | tst.js:184:67:184:73 | tainted | provenance | |
|
||||
| tst.js:184:67:184:73 | tainted | tst.js:188:35:188:41 | tainted | provenance | |
|
||||
| tst.js:184:67:184:73 | tainted | tst.js:190:46:190:52 | tainted | provenance | |
|
||||
| tst.js:184:67:184:73 | tainted | tst.js:191:38:191:44 | tainted | provenance | |
|
||||
| tst.js:184:67:184:73 | tainted | tst.js:192:35:192:41 | tainted | provenance | |
|
||||
| tst.js:184:67:184:73 | tainted | tst.js:220:35:220:41 | tainted | provenance | |
|
||||
| tst.js:188:35:188:41 | tainted | tst.js:196:28:196:46 | this.state.tainted1 | provenance | |
|
||||
| tst.js:190:46:190:52 | tainted | tst.js:197:28:197:46 | this.state.tainted2 | provenance | |
|
||||
| tst.js:191:38:191:44 | tainted | tst.js:198:28:198:46 | this.state.tainted3 | provenance | |
|
||||
| tst.js:192:35:192:41 | tainted | tst.js:202:32:202:49 | prevState.tainted4 | provenance | |
|
||||
| tst.js:220:35:220:41 | tainted | tst.js:209:28:209:46 | this.props.tainted1 | provenance | |
|
||||
| tst.js:220:35:220:41 | tainted | tst.js:222:20:222:26 | tainted | provenance | |
|
||||
| tst.js:222:20:222:26 | tainted | tst.js:210:28:210:46 | this.props.tainted2 | provenance | |
|
||||
| tst.js:222:20:222:26 | tainted | tst.js:224:23:224:29 | tainted | provenance | |
|
||||
| tst.js:224:23:224:29 | tainted | tst.js:211:28:211:46 | this.props.tainted3 | provenance | |
|
||||
| tst.js:224:23:224:29 | tainted | tst.js:225:23:225:29 | tainted | provenance | |
|
||||
| tst.js:225:23:225:29 | tainted | tst.js:215:32:215:49 | prevProps.tainted4 | provenance | |
|
||||
| tst.js:225:23:225:29 | tainted | tst.js:239:23:239:29 | tainted | provenance | |
|
||||
| tst.js:231:39:231:55 | props.propTainted | tst.js:235:60:235:82 | this.st ... Tainted | provenance | |
|
||||
| tst.js:239:23:239:29 | tainted | tst.js:231:39:231:55 | props.propTainted | provenance | |
|
||||
| tst.js:269:9:269:29 | tainted | tst.js:272:59:272:65 | tainted | provenance | |
|
||||
| tst.js:269:19:269:29 | window.name | tst.js:269:9:269:29 | tainted | provenance | |
|
||||
| tst.js:285:9:285:16 | location | tst.js:286:10:286:10 | e | provenance | |
|
||||
| tst.js:286:10:286:10 | e | tst.js:287:20:287:20 | e | provenance | |
|
||||
| tst.js:292:10:292:17 | location | tst.js:294:10:294:10 | e | provenance | |
|
||||
| tst.js:294:10:294:10 | e | tst.js:295:20:295:20 | e | provenance | |
|
||||
| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | provenance | |
|
||||
| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | provenance | |
|
||||
| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | provenance | |
|
||||
| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams] | provenance | |
|
||||
| tst.js:315:7:315:43 | params | tst.js:316:18:316:23 | params | provenance | |
|
||||
| tst.js:315:7:315:43 | params [MapValue] | tst.js:316:18:316:23 | params [MapValue] | provenance | |
|
||||
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:315:16:315:43 | getTain ... hParams [MapValue] | provenance | |
|
||||
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | tst.js:315:16:315:43 | getTain ... hParams | provenance | |
|
||||
| tst.js:315:16:315:43 | getTain ... hParams | tst.js:315:7:315:43 | params | provenance | |
|
||||
| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | tst.js:315:7:315:43 | params [MapValue] | provenance | |
|
||||
| tst.js:316:18:316:23 | params | tst.js:316:18:316:35 | params.get('name') | provenance | Config |
|
||||
| tst.js:316:18:316:23 | params [MapValue] | tst.js:316:18:316:35 | params.get('name') | provenance | |
|
||||
| tst.js:325:12:325:37 | new URL ... cation) [hash] | tst.js:327:5:327:12 | getUrl() [hash] | provenance | |
|
||||
| tst.js:325:20:325:36 | document.location | tst.js:325:12:325:37 | new URL ... cation) [hash] | provenance | |
|
||||
| tst.js:327:5:327:12 | getUrl() [hash] | tst.js:327:5:327:17 | getUrl().hash | provenance | |
|
||||
| tst.js:327:5:327:17 | getUrl().hash | tst.js:327:5:327:30 | getUrl( ... ring(1) | provenance | Config |
|
||||
| tst.js:332:7:332:39 | target | tst.js:333:12:333:17 | target | provenance | |
|
||||
| tst.js:332:16:332:39 | documen ... .search | tst.js:332:7:332:39 | target | provenance | |
|
||||
| tst.js:339:10:339:42 | target | tst.js:340:16:340:21 | target | provenance | |
|
||||
| tst.js:339:10:339:42 | target | tst.js:341:20:341:25 | target | provenance | |
|
||||
| tst.js:339:19:339:42 | documen ... .search | tst.js:339:10:339:42 | target | provenance | |
|
||||
| tst.js:340:16:340:21 | target | tst.js:341:20:341:25 | target | provenance | |
|
||||
| tst.js:341:20:341:25 | target | tst.js:344:21:344:26 | target | provenance | |
|
||||
| tst.js:341:20:341:25 | target | tst.js:347:18:347:23 | target | provenance | |
|
||||
| tst.js:355:7:355:39 | target | tst.js:357:18:357:23 | target | provenance | |
|
||||
| tst.js:355:16:355:39 | documen ... .search | tst.js:355:7:355:39 | target | provenance | |
|
||||
| tst.js:364:7:364:39 | target | tst.js:367:18:367:23 | target | provenance | |
|
||||
| tst.js:364:7:364:39 | target | tst.js:369:18:369:23 | target | provenance | |
|
||||
| tst.js:364:7:364:39 | target | tst.js:380:18:380:23 | target | provenance | |
|
||||
| tst.js:364:7:364:39 | target | tst.js:389:18:389:23 | target | provenance | |
|
||||
| tst.js:364:7:364:39 | target | tst.js:391:19:391:24 | target | provenance | |
|
||||
| tst.js:364:16:364:39 | documen ... .search | tst.js:364:7:364:39 | target | provenance | |
|
||||
| tst.js:369:18:369:23 | target | tst.js:369:18:369:29 | target.taint | provenance | |
|
||||
| tst.js:374:3:374:8 | [post update] target [taint3] | tst.js:375:18:375:23 | target [taint3] | provenance | |
|
||||
| tst.js:374:19:374:42 | documen ... .search | tst.js:374:3:374:8 | [post update] target [taint3] | provenance | |
|
||||
| tst.js:375:18:375:23 | target [taint3] | tst.js:375:18:375:30 | target.taint3 | provenance | |
|
||||
| tst.js:380:18:380:23 | target | tst.js:380:18:380:30 | target.taint5 | provenance | |
|
||||
| tst.js:389:18:389:23 | target | tst.js:389:18:389:30 | target.taint7 | provenance | |
|
||||
| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:391:19:391:24 | target [taint8] | provenance | |
|
||||
| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:392:18:392:23 | target [taint8] | provenance | |
|
||||
| tst.js:391:19:391:24 | target | tst.js:391:19:391:31 | target.taint8 | provenance | |
|
||||
| tst.js:391:19:391:24 | target [taint8] | tst.js:391:19:391:31 | target.taint8 | provenance | |
|
||||
| tst.js:391:19:391:31 | target.taint8 | tst.js:391:3:391:8 | [post update] target [taint8] | provenance | |
|
||||
| tst.js:392:18:392:23 | target [taint8] | tst.js:392:18:392:30 | target.taint8 | provenance | |
|
||||
| tst.js:399:7:399:46 | payload | tst.js:400:18:400:24 | payload | provenance | |
|
||||
| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | |
|
||||
| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | Config |
|
||||
| tst.js:399:17:399:46 | window. ... bstr(1) | tst.js:399:7:399:46 | payload | provenance | |
|
||||
| tst.js:402:7:402:55 | match | tst.js:404:20:404:24 | match | provenance | |
|
||||
| tst.js:402:15:402:34 | window.location.hash | tst.js:402:15:402:55 | window. ... (\\w+)/) | provenance | |
|
||||
| tst.js:402:15:402:55 | window. ... (\\w+)/) | tst.js:402:7:402:55 | match | provenance | |
|
||||
| tst.js:404:20:404:24 | match | tst.js:404:20:404:27 | match[1] | provenance | |
|
||||
| tst.js:407:18:407:37 | window.location.hash | tst.js:407:18:407:48 | window. ... it('#') [1] | provenance | Config |
|
||||
| tst.js:407:18:407:48 | window. ... it('#') [1] | tst.js:407:18:407:51 | window. ... '#')[1] | provenance | |
|
||||
| tst.js:411:7:411:39 | target | tst.js:413:18:413:23 | target | provenance | |
|
||||
| tst.js:411:16:411:39 | documen ... .search | tst.js:411:7:411:39 | target | provenance | |
|
||||
| tst.js:413:18:413:23 | target | tst.js:413:18:413:89 | target. ... data>') | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:423:28:423:33 | source | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:424:33:424:38 | source | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:425:34:425:39 | source | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:426:41:426:46 | source | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:427:44:427:49 | source | provenance | |
|
||||
| tst.js:419:6:419:38 | source | tst.js:428:32:428:37 | source | provenance | |
|
||||
| tst.js:419:15:419:38 | documen ... .search | tst.js:419:6:419:38 | source | provenance | |
|
||||
| tst.js:436:7:436:39 | source | tst.js:438:18:438:23 | source | provenance | |
|
||||
| tst.js:436:7:436:39 | source | tst.js:439:36:439:41 | source | provenance | |
|
||||
| tst.js:436:16:436:39 | documen ... .search | tst.js:436:7:436:39 | source | provenance | |
|
||||
| tst.js:439:36:439:41 | source | tst.js:439:18:439:42 | ansiToH ... source) | provenance | |
|
||||
| tst.js:443:6:443:38 | source | tst.js:446:21:446:26 | source | provenance | |
|
||||
| tst.js:443:6:443:38 | source | tst.js:448:19:448:24 | source | provenance | |
|
||||
| tst.js:443:6:443:38 | source | tst.js:450:20:450:25 | source | provenance | |
|
||||
| tst.js:443:15:443:38 | documen ... .search | tst.js:443:6:443:38 | source | provenance | |
|
||||
| tst.js:454:7:454:46 | url | tst.js:456:19:456:21 | url | provenance | |
|
||||
| tst.js:454:7:454:46 | url | tst.js:457:26:457:28 | url | provenance | |
|
||||
| tst.js:454:7:454:46 | url | tst.js:458:25:458:27 | url | provenance | |
|
||||
| tst.js:454:7:454:46 | url | tst.js:459:20:459:22 | url | provenance | |
|
||||
| tst.js:454:7:454:46 | url | tst.js:469:22:469:24 | url | provenance | |
|
||||
| tst.js:454:13:454:36 | documen ... .search | tst.js:454:13:454:46 | documen ... bstr(1) | provenance | Config |
|
||||
| tst.js:454:13:454:46 | documen ... bstr(1) | tst.js:454:7:454:46 | url | provenance | |
|
||||
| tst.js:474:23:474:35 | location.hash | tst.js:474:23:474:45 | locatio ... bstr(1) | provenance | Config |
|
||||
| tst.js:477:18:477:30 | location.hash | tst.js:477:18:477:40 | locatio ... bstr(1) | provenance | Config |
|
||||
| tst.js:484:43:484:62 | window.location.hash | tst.js:484:33:484:63 | decodeU ... n.hash) | provenance | |
|
||||
| tst.js:491:7:491:39 | target | tst.js:492:18:492:23 | target | provenance | |
|
||||
| tst.js:491:16:491:39 | documen ... .search | tst.js:491:7:491:39 | target | provenance | |
|
||||
| tst.js:492:18:492:23 | target | tst.js:492:18:492:54 | target. ... "), '') | provenance | |
|
||||
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | |
|
||||
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | |
|
||||
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | |
|
||||
@@ -1248,18 +1248,18 @@ subpaths
|
||||
| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) |
|
||||
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
|
||||
| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() |
|
||||
| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | tst.js:40:16:40:44 | baz(doc ... search) |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | tst.js:46:16:46:45 | wrap(do ... search) |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) |
|
||||
| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) |
|
||||
| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | tst.js:58:16:58:32 | wrap(chop(bar())) |
|
||||
| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "<div>" ... </div>" | tst.js:58:16:58:32 | wrap(chop(bar())) |
|
||||
| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) |
|
||||
| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) |
|
||||
| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | tst.js:34:16:34:44 | baz(doc ... search) |
|
||||
| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:39:16:39:45 | wrap(do ... search) |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
|
||||
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
|
||||
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:48:16:48:32 | wrap(chop(bar())) |
|
||||
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:48:16:48:32 | wrap(chop(bar())) |
|
||||
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) |
|
||||
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) |
|
||||
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) |
|
||||
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
|
||||
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
|
||||
|
||||
@@ -1,41 +1,41 @@
|
||||
edges
|
||||
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | |
|
||||
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | |
|
||||
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | |
|
||||
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | |
|
||||
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | |
|
||||
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | |
|
||||
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | |
|
||||
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | |
|
||||
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | |
|
||||
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | provenance | |
|
||||
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | |
|
||||
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | |
|
||||
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | |
|
||||
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | |
|
||||
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | |
|
||||
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | |
|
||||
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | |
|
||||
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | |
|
||||
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
|
||||
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
|
||||
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | |
|
||||
| ReflectedXss.js:118:11:118:61 | keyArray [0] | ReflectedXss.js:119:25:119:32 | keyArray [0] | provenance | |
|
||||
| ReflectedXss.js:118:49:118:54 | [keys] [0] | ReflectedXss.js:118:11:118:61 | keyArray [0] | provenance | |
|
||||
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] [0] | provenance | |
|
||||
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
|
||||
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | |
|
||||
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | ReflectedXss.js:122:33:122:43 | invalidKeys [0] | provenance | |
|
||||
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | |
|
||||
| ReflectedXss.js:119:25:119:32 | keyArray [0] | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | provenance | |
|
||||
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | |
|
||||
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | ReflectedXss.js:119:11:119:72 | invalidKeys [0] | provenance | |
|
||||
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
|
||||
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
|
||||
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | |
|
||||
| ReflectedXss.js:7:33:7:45 | req.params.id | ReflectedXss.js:7:14:7:45 | "Unknow ... rams.id | provenance | |
|
||||
| ReflectedXss.js:16:31:16:39 | params.id | ReflectedXss.js:16:12:16:39 | "Unknow ... rams.id | provenance | |
|
||||
| ReflectedXss.js:22:19:22:26 | req.body | ReflectedXss.js:22:12:22:27 | marked(req.body) | provenance | |
|
||||
| ReflectedXss.js:41:31:41:38 | req.body | ReflectedXss.js:41:12:41:39 | convert ... q.body) | provenance | |
|
||||
| ReflectedXss.js:63:14:63:21 | req.body | ReflectedXss.js:63:39:63:42 | file | provenance | |
|
||||
| ReflectedXss.js:63:39:63:42 | file | ReflectedXss.js:64:16:64:19 | file | provenance | |
|
||||
| ReflectedXss.js:67:12:67:41 | remark( ... q.body) | ReflectedXss.js:67:12:67:52 | remark( ... tring() | provenance | |
|
||||
| ReflectedXss.js:67:33:67:40 | req.body | ReflectedXss.js:67:12:67:41 | remark( ... q.body) | provenance | |
|
||||
| ReflectedXss.js:71:12:71:56 | unified ... q.body) | ReflectedXss.js:71:12:71:65 | unified ... oString | provenance | |
|
||||
| ReflectedXss.js:71:48:71:55 | req.body | ReflectedXss.js:71:12:71:56 | unified ... q.body) | provenance | |
|
||||
| ReflectedXss.js:73:20:73:27 | req.body | ReflectedXss.js:73:34:73:34 | f | provenance | |
|
||||
| ReflectedXss.js:73:34:73:34 | f | ReflectedXss.js:74:14:74:14 | f | provenance | |
|
||||
| ReflectedXss.js:83:22:83:29 | req.body | ReflectedXss.js:83:12:83:30 | snarkdown(req.body) | provenance | |
|
||||
| ReflectedXss.js:84:23:84:30 | req.body | ReflectedXss.js:84:12:84:31 | snarkdown2(req.body) | provenance | |
|
||||
| ReflectedXss.js:97:30:97:37 | req.body | ReflectedXss.js:97:12:97:38 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:99:31:99:38 | req.body | ReflectedXss.js:99:12:99:39 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:102:76:102:83 | req.body | ReflectedXss.js:102:12:102:84 | markdow ... q.body) | provenance | |
|
||||
| ReflectedXss.js:113:11:113:41 | queryKeys | ReflectedXss.js:115:18:115:26 | queryKeys | provenance | |
|
||||
| ReflectedXss.js:113:13:113:27 | keys: queryKeys | ReflectedXss.js:113:11:113:41 | queryKeys | provenance | |
|
||||
| ReflectedXss.js:115:11:115:45 | keys | ReflectedXss.js:117:50:117:53 | keys | provenance | |
|
||||
| ReflectedXss.js:115:11:115:45 | keys | ReflectedXss.js:117:58:117:61 | keys | provenance | |
|
||||
| ReflectedXss.js:115:18:115:26 | queryKeys | ReflectedXss.js:115:11:115:45 | keys | provenance | |
|
||||
| ReflectedXss.js:115:31:115:45 | paramKeys?.keys | ReflectedXss.js:115:11:115:45 | keys | provenance | |
|
||||
| ReflectedXss.js:117:11:117:61 | keyArray | ReflectedXss.js:118:25:118:32 | keyArray | provenance | |
|
||||
| ReflectedXss.js:117:11:117:61 | keyArray [0] | ReflectedXss.js:118:25:118:32 | keyArray [0] | provenance | |
|
||||
| ReflectedXss.js:117:49:117:54 | [keys] [0] | ReflectedXss.js:117:11:117:61 | keyArray [0] | provenance | |
|
||||
| ReflectedXss.js:117:50:117:53 | keys | ReflectedXss.js:117:49:117:54 | [keys] [0] | provenance | |
|
||||
| ReflectedXss.js:117:58:117:61 | keys | ReflectedXss.js:117:11:117:61 | keyArray | provenance | |
|
||||
| ReflectedXss.js:118:11:118:72 | invalidKeys | ReflectedXss.js:121:33:121:43 | invalidKeys | provenance | |
|
||||
| ReflectedXss.js:118:11:118:72 | invalidKeys [0] | ReflectedXss.js:121:33:121:43 | invalidKeys [0] | provenance | |
|
||||
| ReflectedXss.js:118:25:118:32 | keyArray | ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) | provenance | |
|
||||
| ReflectedXss.js:118:25:118:32 | keyArray [0] | ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) [0] | provenance | |
|
||||
| ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) | ReflectedXss.js:118:11:118:72 | invalidKeys | provenance | |
|
||||
| ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) [0] | ReflectedXss.js:118:11:118:72 | invalidKeys [0] | provenance | |
|
||||
| ReflectedXss.js:121:33:121:43 | invalidKeys | ReflectedXss.js:121:33:121:54 | invalid ... n(', ') | provenance | |
|
||||
| ReflectedXss.js:121:33:121:43 | invalidKeys [0] | ReflectedXss.js:121:33:121:54 | invalid ... n(', ') | provenance | |
|
||||
| ReflectedXss.js:121:33:121:54 | invalid ... n(', ') | ReflectedXss.js:121:30:121:73 | `${inva ... telist` | provenance | |
|
||||
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | |
|
||||
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | |
|
||||
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | |
|
||||
@@ -144,63 +144,63 @@ edges
|
||||
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | |
|
||||
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | |
|
||||
nodes
|
||||
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
|
||||
| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id |
|
||||
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
|
||||
| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id |
|
||||
| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
|
||||
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
|
||||
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:64:39:64:42 | file | semmle.label | file |
|
||||
| ReflectedXss.js:65:16:65:19 | file | semmle.label | file |
|
||||
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
|
||||
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() |
|
||||
| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) |
|
||||
| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString |
|
||||
| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:74:34:74:34 | f | semmle.label | f |
|
||||
| ReflectedXss.js:75:14:75:14 | f | semmle.label | f |
|
||||
| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
|
||||
| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
|
||||
| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p |
|
||||
| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys |
|
||||
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys |
|
||||
| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys |
|
||||
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys |
|
||||
| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray |
|
||||
| ReflectedXss.js:118:11:118:61 | keyArray [0] | semmle.label | keyArray [0] |
|
||||
| ReflectedXss.js:118:49:118:54 | [keys] [0] | semmle.label | [keys] [0] |
|
||||
| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys |
|
||||
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | semmle.label | invalidKeys [0] |
|
||||
| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray |
|
||||
| ReflectedXss.js:119:25:119:32 | keyArray [0] | semmle.label | keyArray [0] |
|
||||
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) |
|
||||
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | semmle.label | keyArra ... s(key)) [0] |
|
||||
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` |
|
||||
| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys |
|
||||
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | semmle.label | invalidKeys [0] |
|
||||
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') |
|
||||
| ReflectedXss.js:7:14:7:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
|
||||
| ReflectedXss.js:7:33:7:45 | req.params.id | semmle.label | req.params.id |
|
||||
| ReflectedXss.js:16:12:16:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
|
||||
| ReflectedXss.js:16:31:16:39 | params.id | semmle.label | params.id |
|
||||
| ReflectedXss.js:21:12:21:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:22:12:22:27 | marked(req.body) | semmle.label | marked(req.body) |
|
||||
| ReflectedXss.js:22:19:22:26 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:28:12:28:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:40:12:40:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:41:12:41:39 | convert ... q.body) | semmle.label | convert ... q.body) |
|
||||
| ReflectedXss.js:41:31:41:38 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:55:12:55:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:63:14:63:21 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:63:39:63:42 | file | semmle.label | file |
|
||||
| ReflectedXss.js:64:16:64:19 | file | semmle.label | file |
|
||||
| ReflectedXss.js:67:12:67:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
|
||||
| ReflectedXss.js:67:12:67:52 | remark( ... tring() | semmle.label | remark( ... tring() |
|
||||
| ReflectedXss.js:67:33:67:40 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:71:12:71:56 | unified ... q.body) | semmle.label | unified ... q.body) |
|
||||
| ReflectedXss.js:71:12:71:65 | unified ... oString | semmle.label | unified ... oString |
|
||||
| ReflectedXss.js:71:48:71:55 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:73:20:73:27 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:73:34:73:34 | f | semmle.label | f |
|
||||
| ReflectedXss.js:74:14:74:14 | f | semmle.label | f |
|
||||
| ReflectedXss.js:82:12:82:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:83:12:83:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
|
||||
| ReflectedXss.js:83:22:83:29 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:84:12:84:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
|
||||
| ReflectedXss.js:84:23:84:30 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:96:12:96:19 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:97:12:97:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:97:30:97:37 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:99:12:99:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:99:31:99:38 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:102:12:102:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
|
||||
| ReflectedXss.js:102:76:102:83 | req.body | semmle.label | req.body |
|
||||
| ReflectedXss.js:109:16:109:30 | request.query.p | semmle.label | request.query.p |
|
||||
| ReflectedXss.js:113:11:113:41 | queryKeys | semmle.label | queryKeys |
|
||||
| ReflectedXss.js:113:13:113:27 | keys: queryKeys | semmle.label | keys: queryKeys |
|
||||
| ReflectedXss.js:115:11:115:45 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:115:18:115:26 | queryKeys | semmle.label | queryKeys |
|
||||
| ReflectedXss.js:115:31:115:45 | paramKeys?.keys | semmle.label | paramKeys?.keys |
|
||||
| ReflectedXss.js:117:11:117:61 | keyArray | semmle.label | keyArray |
|
||||
| ReflectedXss.js:117:11:117:61 | keyArray [0] | semmle.label | keyArray [0] |
|
||||
| ReflectedXss.js:117:49:117:54 | [keys] [0] | semmle.label | [keys] [0] |
|
||||
| ReflectedXss.js:117:50:117:53 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:117:58:117:61 | keys | semmle.label | keys |
|
||||
| ReflectedXss.js:118:11:118:72 | invalidKeys | semmle.label | invalidKeys |
|
||||
| ReflectedXss.js:118:11:118:72 | invalidKeys [0] | semmle.label | invalidKeys [0] |
|
||||
| ReflectedXss.js:118:25:118:32 | keyArray | semmle.label | keyArray |
|
||||
| ReflectedXss.js:118:25:118:32 | keyArray [0] | semmle.label | keyArray [0] |
|
||||
| ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) |
|
||||
| ReflectedXss.js:118:25:118:72 | keyArra ... s(key)) [0] | semmle.label | keyArra ... s(key)) [0] |
|
||||
| ReflectedXss.js:121:30:121:73 | `${inva ... telist` | semmle.label | `${inva ... telist` |
|
||||
| ReflectedXss.js:121:33:121:43 | invalidKeys | semmle.label | invalidKeys |
|
||||
| ReflectedXss.js:121:33:121:43 | invalidKeys [0] | semmle.label | invalidKeys [0] |
|
||||
| ReflectedXss.js:121:33:121:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') |
|
||||
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
|
||||
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
|
||||
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
|
||||
@@ -335,28 +335,28 @@ nodes
|
||||
subpaths
|
||||
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
|
||||
#select
|
||||
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
|
||||
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
|
||||
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
|
||||
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:65:16:65:19 | file | ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:65:16:65:19 | file | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:64:14:64:21 | req.body | user-provided value |
|
||||
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:52 | remark( ... tring() | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:68:33:68:40 | req.body | user-provided value |
|
||||
| ReflectedXss.js:72:12:72:65 | unified ... oString | ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:65 | unified ... oString | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:72:48:72:55 | req.body | user-provided value |
|
||||
| ReflectedXss.js:75:14:75:14 | f | ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:75:14:75:14 | f | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:74:20:74:27 | req.body | user-provided value |
|
||||
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:83:12:83:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:84:22:84:29 | req.body | user-provided value |
|
||||
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:85:23:85:30 | req.body | user-provided value |
|
||||
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:97:12:97:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:98:30:98:37 | req.body | user-provided value |
|
||||
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
|
||||
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
|
||||
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
|
||||
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
|
||||
| ReflectedXss.js:7:14:7:45 | "Unknow ... rams.id | ReflectedXss.js:7:33:7:45 | req.params.id | ReflectedXss.js:7:14:7:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:7:33:7:45 | req.params.id | user-provided value |
|
||||
| ReflectedXss.js:16:12:16:39 | "Unknow ... rams.id | ReflectedXss.js:16:31:16:39 | params.id | ReflectedXss.js:16:12:16:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:16:31:16:39 | params.id | user-provided value |
|
||||
| ReflectedXss.js:21:12:21:19 | req.body | ReflectedXss.js:21:12:21:19 | req.body | ReflectedXss.js:21:12:21:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:21:12:21:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:22:12:22:27 | marked(req.body) | ReflectedXss.js:22:19:22:26 | req.body | ReflectedXss.js:22:12:22:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:19:22:26 | req.body | user-provided value |
|
||||
| ReflectedXss.js:28:12:28:19 | req.body | ReflectedXss.js:28:12:28:19 | req.body | ReflectedXss.js:28:12:28:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:28:12:28:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:40:12:40:19 | req.body | ReflectedXss.js:40:12:40:19 | req.body | ReflectedXss.js:40:12:40:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:40:12:40:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:41:12:41:39 | convert ... q.body) | ReflectedXss.js:41:31:41:38 | req.body | ReflectedXss.js:41:12:41:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:31:41:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:55:12:55:19 | req.body | ReflectedXss.js:55:12:55:19 | req.body | ReflectedXss.js:55:12:55:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:55:12:55:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:64:16:64:19 | file | ReflectedXss.js:63:14:63:21 | req.body | ReflectedXss.js:64:16:64:19 | file | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:63:14:63:21 | req.body | user-provided value |
|
||||
| ReflectedXss.js:67:12:67:52 | remark( ... tring() | ReflectedXss.js:67:33:67:40 | req.body | ReflectedXss.js:67:12:67:52 | remark( ... tring() | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:67:33:67:40 | req.body | user-provided value |
|
||||
| ReflectedXss.js:71:12:71:65 | unified ... oString | ReflectedXss.js:71:48:71:55 | req.body | ReflectedXss.js:71:12:71:65 | unified ... oString | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:71:48:71:55 | req.body | user-provided value |
|
||||
| ReflectedXss.js:74:14:74:14 | f | ReflectedXss.js:73:20:73:27 | req.body | ReflectedXss.js:74:14:74:14 | f | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:73:20:73:27 | req.body | user-provided value |
|
||||
| ReflectedXss.js:82:12:82:19 | req.body | ReflectedXss.js:82:12:82:19 | req.body | ReflectedXss.js:82:12:82:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:82:12:82:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:83:12:83:30 | snarkdown(req.body) | ReflectedXss.js:83:22:83:29 | req.body | ReflectedXss.js:83:12:83:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:83:22:83:29 | req.body | user-provided value |
|
||||
| ReflectedXss.js:84:12:84:31 | snarkdown2(req.body) | ReflectedXss.js:84:23:84:30 | req.body | ReflectedXss.js:84:12:84:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:84:23:84:30 | req.body | user-provided value |
|
||||
| ReflectedXss.js:96:12:96:19 | req.body | ReflectedXss.js:96:12:96:19 | req.body | ReflectedXss.js:96:12:96:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:96:12:96:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:97:12:97:38 | markdow ... q.body) | ReflectedXss.js:97:30:97:37 | req.body | ReflectedXss.js:97:12:97:38 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:97:30:97:37 | req.body | user-provided value |
|
||||
| ReflectedXss.js:99:12:99:39 | markdow ... q.body) | ReflectedXss.js:99:31:99:38 | req.body | ReflectedXss.js:99:12:99:39 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:99:31:99:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:102:12:102:84 | markdow ... q.body) | ReflectedXss.js:102:76:102:83 | req.body | ReflectedXss.js:102:12:102:84 | markdow ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:102:76:102:83 | req.body | user-provided value |
|
||||
| ReflectedXss.js:109:16:109:30 | request.query.p | ReflectedXss.js:109:16:109:30 | request.query.p | ReflectedXss.js:109:16:109:30 | request.query.p | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:109:16:109:30 | request.query.p | user-provided value |
|
||||
| ReflectedXss.js:121:30:121:73 | `${inva ... telist` | ReflectedXss.js:113:13:113:27 | keys: queryKeys | ReflectedXss.js:121:30:121:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:113:13:113:27 | keys: queryKeys | user-provided value |
|
||||
| ReflectedXss.js:121:30:121:73 | `${inva ... telist` | ReflectedXss.js:115:31:115:45 | paramKeys?.keys | ReflectedXss.js:121:30:121:73 | `${inva ... telist` | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:115:31:115:45 | paramKeys?.keys | user-provided value |
|
||||
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
|
||||
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
|
||||
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |
|
||||
|
||||
@@ -1,25 +1,25 @@
|
||||
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
|
||||
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
|
||||
| ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
|
||||
| ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:65:16:65:19 | file | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:64:14:64:21 | req.body | user-provided value |
|
||||
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:68:33:68:40 | req.body | user-provided value |
|
||||
| ReflectedXss.js:72:12:72:65 | unified ... oString | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:72:48:72:55 | req.body | user-provided value |
|
||||
| ReflectedXss.js:75:14:75:14 | f | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:74:20:74:27 | req.body | user-provided value |
|
||||
| ReflectedXss.js:83:12:83:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:83:12:83:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:84:22:84:29 | req.body | user-provided value |
|
||||
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:85:23:85:30 | req.body | user-provided value |
|
||||
| ReflectedXss.js:97:12:97:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:97:12:97:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:98:30:98:37 | req.body | user-provided value |
|
||||
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:100:31:100:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:103:76:103:83 | req.body | user-provided value |
|
||||
| ReflectedXss.js:110:16:110:30 | request.query.p | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:110:16:110:30 | request.query.p | user-provided value |
|
||||
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:114:13:114:27 | keys: queryKeys | user-provided value |
|
||||
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:116:31:116:45 | paramKeys?.keys | user-provided value |
|
||||
| ReflectedXss.js:7:14:7:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:7:33:7:45 | req.params.id | user-provided value |
|
||||
| ReflectedXss.js:16:12:16:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:16:31:16:39 | params.id | user-provided value |
|
||||
| ReflectedXss.js:21:12:21:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:21:12:21:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:22:12:22:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:19:22:26 | req.body | user-provided value |
|
||||
| ReflectedXss.js:28:12:28:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:28:12:28:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:40:12:40:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:40:12:40:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:41:12:41:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:31:41:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:55:12:55:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:55:12:55:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:64:16:64:19 | file | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:63:14:63:21 | req.body | user-provided value |
|
||||
| ReflectedXss.js:67:12:67:52 | remark( ... tring() | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:67:33:67:40 | req.body | user-provided value |
|
||||
| ReflectedXss.js:71:12:71:65 | unified ... oString | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:71:48:71:55 | req.body | user-provided value |
|
||||
| ReflectedXss.js:74:14:74:14 | f | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:73:20:73:27 | req.body | user-provided value |
|
||||
| ReflectedXss.js:82:12:82:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:82:12:82:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:83:12:83:30 | snarkdown(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:83:22:83:29 | req.body | user-provided value |
|
||||
| ReflectedXss.js:84:12:84:31 | snarkdown2(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:84:23:84:30 | req.body | user-provided value |
|
||||
| ReflectedXss.js:96:12:96:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:96:12:96:19 | req.body | user-provided value |
|
||||
| ReflectedXss.js:97:12:97:38 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:97:30:97:37 | req.body | user-provided value |
|
||||
| ReflectedXss.js:99:12:99:39 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:99:31:99:38 | req.body | user-provided value |
|
||||
| ReflectedXss.js:102:12:102:84 | markdow ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:102:76:102:83 | req.body | user-provided value |
|
||||
| ReflectedXss.js:109:16:109:30 | request.query.p | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:109:16:109:30 | request.query.p | user-provided value |
|
||||
| ReflectedXss.js:121:30:121:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:113:13:113:27 | keys: queryKeys | user-provided value |
|
||||
| ReflectedXss.js:121:30:121:73 | `${inva ... telist` | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:115:31:115:45 | paramKeys?.keys | user-provided value |
|
||||
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | user-provided value |
|
||||
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | user-provided value |
|
||||
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value |
|
||||
|
||||
@@ -169,17 +169,17 @@ subpaths
|
||||
| unsafe-jquery-plugin.js:48:6:48:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:48:6:48:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:52:6:52:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:52:6:52:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:60:6:60:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:60:6:60:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:65:19:69:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... / OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:65:19:69:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... ml);\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:90:6:90:6 | t | unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:90:6:90:6 | t | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:84:19:93:2 | functio ... ns);\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:127:6:127:19 | options.target | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:126:14:128:3 | functio ... OK\\n\\t\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:132:5:132:18 | options.target | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:131:15:133:2 | functio ... T OK\\n\\t} | '$.fn.affix' plugin |
|
||||
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:135:17:137:2 | functio ... T OK\\n\\t} | '$.fn.tooltip' plugin |
|
||||
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... NCY]\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:127:6:127:19 | options.target | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:126:14:128:3 | functio ... ert\\n\\t\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:132:5:132:18 | options.target | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:131:15:133:2 | functio ... lert\\n\\t} | '$.fn.affix' plugin |
|
||||
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:135:17:137:2 | functio ... lert\\n\\t} | '$.fn.tooltip' plugin |
|
||||
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... ties\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:170:6:170:11 | target | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:170:6:170:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:160:19:173:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:179:5:179:18 | options.target | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:178:18:180:2 | functio ... lert\\n\\t} | '$.fn.my_plugin' plugin |
|
||||
| unsafe-jquery-plugin.js:192:19:192:28 | options.of | unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:192:19:192:28 | options.of | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:185:18:194:2 | functio ... et);\\n\\t} | '$.fn.position' plugin |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
| html-sanitizer.js:15:5:17:5 | connect ... K\\n ) |
|
||||
| html-sanitizer.js:15:5:17:5 | connect ... t\\n ) |
|
||||
| json-schema-validator.js:27:13:27:27 | doc.find(query) |
|
||||
| json-schema-validator.js:30:13:30:27 | doc.find(query) |
|
||||
| json-schema-validator.js:33:13:33:27 | doc.find(query) |
|
||||
@@ -7,43 +7,43 @@
|
||||
| json-schema-validator.js:55:13:55:27 | doc.find(query) |
|
||||
| json-schema-validator.js:59:13:59:27 | doc.find(query) |
|
||||
| json-schema-validator.js:61:13:61:27 | doc.find(query) |
|
||||
| marsdb-flow-to.js:14:3:14:41 | db.myDo ... => {}) |
|
||||
| marsdb.js:16:3:16:36 | doc.fin ... => {}) |
|
||||
| minimongo.js:18:3:18:17 | doc.find(query) |
|
||||
| mongodb.js:18:7:18:21 | doc.find(query) |
|
||||
| mongodb.js:21:7:21:48 | doc.fin ... itle }) |
|
||||
| mongodb.js:24:7:24:53 | doc.fin ... r(1) }) |
|
||||
| mongodb.js:29:9:29:34 | doc.fin ... itle }) |
|
||||
| mongodb.js:32:9:32:46 | doc.fin ... tle) }) |
|
||||
| mongodb.js:43:7:43:21 | doc.find(query) |
|
||||
| mongodb.js:54:7:54:21 | doc.find(query) |
|
||||
| mongodb.js:65:3:65:17 | doc.find(query) |
|
||||
| mongodb.js:73:5:77:27 | client\\n ... tag }) |
|
||||
| mongodb.js:81:3:85:25 | importe ... tag }) |
|
||||
| mongodb.js:98:5:98:19 | doc.find(query) |
|
||||
| mongodb.js:112:5:112:19 | doc.find(query) |
|
||||
| marsdb-flow-to.js:13:3:13:41 | db.myDo ... => {}) |
|
||||
| marsdb.js:15:3:15:36 | doc.fin ... => {}) |
|
||||
| minimongo.js:17:3:17:17 | doc.find(query) |
|
||||
| mongodb.js:17:7:17:21 | doc.find(query) |
|
||||
| mongodb.js:20:7:20:48 | doc.fin ... itle }) |
|
||||
| mongodb.js:23:7:23:53 | doc.fin ... r(1) }) |
|
||||
| mongodb.js:28:9:28:34 | doc.fin ... itle }) |
|
||||
| mongodb.js:30:9:30:46 | doc.fin ... tle) }) |
|
||||
| mongodb.js:41:7:41:21 | doc.find(query) |
|
||||
| mongodb.js:51:7:51:21 | doc.find(query) |
|
||||
| mongodb.js:61:3:61:17 | doc.find(query) |
|
||||
| mongodb.js:69:5:72:27 | client\\n ... tag }) |
|
||||
| mongodb.js:76:3:79:25 | importe ... tag }) |
|
||||
| mongodb.js:92:5:92:19 | doc.find(query) |
|
||||
| mongodb.js:105:5:105:19 | doc.find(query) |
|
||||
| mongodb_bodySafe.js:18:7:18:21 | doc.find(query) |
|
||||
| mongodb_bodySafe.js:29:7:29:21 | doc.find(query) |
|
||||
| mongoose.js:63:2:63:34 | Documen ... then(X) |
|
||||
| mongoose.js:65:2:65:51 | Documen ... on(){}) |
|
||||
| mongoose.js:67:2:68:27 | new Mon ... on(){}) |
|
||||
| mongoose.js:71:2:78:9 | Documen ... .exec() |
|
||||
| mongoose.js:85:2:85:52 | Documen ... query)) |
|
||||
| mongoose.js:86:2:86:52 | Documen ... query)) |
|
||||
| mongoose.js:87:2:87:57 | Documen ... query)) |
|
||||
| mongoose.js:88:2:88:57 | Documen ... query)) |
|
||||
| mongoose.js:89:2:89:52 | Documen ... query)) |
|
||||
| mongoose.js:90:2:90:55 | Documen ... query)) |
|
||||
| mongoose.js:92:2:92:52 | Documen ... query)) |
|
||||
| mongoose.js:93:2:93:49 | Documen ... query)) |
|
||||
| mongoose.js:94:2:94:57 | Documen ... query)) |
|
||||
| mongoose.js:95:2:95:54 | Documen ... query)) |
|
||||
| mongoose.js:96:2:96:52 | Documen ... query)) |
|
||||
| mongoose.js:97:2:97:52 | Documen ... query)) |
|
||||
| mongoose.js:99:2:99:50 | Documen ... query)) |
|
||||
| mongoose.js:113:2:113:53 | Documen ... () { }) |
|
||||
| mongoose.js:134:3:134:52 | Documen ... on(){}) |
|
||||
| mongoose.js:136:3:136:52 | Documen ... on(){}) |
|
||||
| mongodb_bodySafe.js:28:7:28:21 | doc.find(query) |
|
||||
| mongoose.js:49:2:49:34 | Documen ... then(X) |
|
||||
| mongoose.js:51:2:51:51 | Documen ... on(){}) |
|
||||
| mongoose.js:53:2:54:27 | new Mon ... on(){}) |
|
||||
| mongoose.js:57:2:64:9 | Documen ... .exec() |
|
||||
| mongoose.js:71:2:71:52 | Documen ... query)) |
|
||||
| mongoose.js:72:2:72:52 | Documen ... query)) |
|
||||
| mongoose.js:73:2:73:57 | Documen ... query)) |
|
||||
| mongoose.js:74:2:74:57 | Documen ... query)) |
|
||||
| mongoose.js:75:2:75:52 | Documen ... query)) |
|
||||
| mongoose.js:76:2:76:55 | Documen ... query)) |
|
||||
| mongoose.js:78:2:78:52 | Documen ... query)) |
|
||||
| mongoose.js:79:2:79:49 | Documen ... query)) |
|
||||
| mongoose.js:80:2:80:57 | Documen ... query)) |
|
||||
| mongoose.js:81:2:81:54 | Documen ... query)) |
|
||||
| mongoose.js:82:2:82:52 | Documen ... query)) |
|
||||
| mongoose.js:83:2:83:52 | Documen ... query)) |
|
||||
| mongoose.js:85:2:85:50 | Documen ... query)) |
|
||||
| mongoose.js:99:2:99:53 | Documen ... () { }) |
|
||||
| mongoose.js:120:3:120:52 | Documen ... on(){}) |
|
||||
| mongoose.js:122:3:122:52 | Documen ... on(){}) |
|
||||
| mysql.js:8:9:11:47 | connect ... ds) {}) |
|
||||
| mysql.js:14:9:16:47 | connect ... ds) {}) |
|
||||
| mysql.js:19:9:20:48 | connect ... ds) {}) |
|
||||
@@ -59,10 +59,10 @@
|
||||
| pg-promise.js:17:3:17:21 | db.oneOrNone(query) |
|
||||
| pg-promise.js:18:3:18:17 | db.query(query) |
|
||||
| pg-promise.js:19:3:19:18 | db.result(query) |
|
||||
| pg-promise.js:21:3:23:4 | db.one( ... OK\\n }) |
|
||||
| pg-promise.js:24:3:27:4 | db.one( ... OK\\n }) |
|
||||
| pg-promise.js:21:3:23:4 | db.one( ... rt\\n }) |
|
||||
| pg-promise.js:24:3:27:4 | db.one( ... d,\\n }) |
|
||||
| pg-promise.js:28:3:31:4 | db.one( ... er\\n }) |
|
||||
| pg-promise.js:32:3:35:4 | db.one( ... OK\\n }) |
|
||||
| pg-promise.js:32:3:35:4 | db.one( ... rt\\n }) |
|
||||
| pg-promise.js:36:3:43:4 | db.one( ... ]\\n }) |
|
||||
| pg-promise.js:44:3:50:4 | db.one( ... }\\n }) |
|
||||
| pg-promise.js:51:3:58:4 | db.one( ... }\\n }) |
|
||||
@@ -88,7 +88,7 @@
|
||||
| redis.js:49:18:49:47 | client. ... value") |
|
||||
| socketio.js:11:5:11:54 | db.run( ... ndle}`) |
|
||||
| tst2.js:7:3:7:62 | sql.que ... ms.id}` |
|
||||
| tst2.js:9:3:9:85 | new sql ... + "'") |
|
||||
| tst2.js:8:3:8:85 | new sql ... + "'") |
|
||||
| tst3.js:9:3:11:4 | pool.qu ... ts\\n }) |
|
||||
| tst3.js:16:3:18:4 | pool.qu ... ts\\n }) |
|
||||
| tst4.js:8:3:8:67 | db.get( ... + '"') |
|
||||
|
||||
@@ -1,38 +1,38 @@
|
||||
nodes
|
||||
| graphql.js:8:11:8:28 | id | semmle.label | id |
|
||||
| graphql.js:8:16:8:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:10:34:20:5 | `\\n ... }\\n ` | semmle.label | `\\n ... }\\n ` |
|
||||
| graphql.js:12:46:12:47 | id | semmle.label | id |
|
||||
| graphql.js:26:11:26:28 | id | semmle.label | id |
|
||||
| graphql.js:26:16:26:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:27:30:27:40 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:27:37:27:38 | id | semmle.label | id |
|
||||
| graphql.js:30:32:30:42 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:30:39:30:40 | id | semmle.label | id |
|
||||
| graphql.js:33:18:33:28 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:33:25:33:26 | id | semmle.label | id |
|
||||
| graphql.js:39:11:39:28 | id | semmle.label | id |
|
||||
| graphql.js:39:16:39:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:44:14:44:24 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:44:21:44:22 | id | semmle.label | id |
|
||||
| graphql.js:48:44:48:54 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:48:51:48:52 | id | semmle.label | id |
|
||||
| graphql.js:55:11:55:28 | id | semmle.label | id |
|
||||
| graphql.js:55:16:55:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:56:39:56:49 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:56:46:56:47 | id | semmle.label | id |
|
||||
| graphql.js:58:66:58:76 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:58:73:58:74 | id | semmle.label | id |
|
||||
| graphql.js:74:9:74:25 | id | semmle.label | id |
|
||||
| graphql.js:74:14:74:25 | req.query.id | semmle.label | req.query.id |
|
||||
| graphql.js:75:46:75:64 | "{ foo" + id + " }" | semmle.label | "{ foo" + id + " }" |
|
||||
| graphql.js:75:56:75:57 | id | semmle.label | id |
|
||||
| graphql.js:84:14:90:8 | `{\\n ... }` | semmle.label | `{\\n ... }` |
|
||||
| graphql.js:88:13:88:14 | id | semmle.label | id |
|
||||
| graphql.js:119:11:119:28 | id | semmle.label | id |
|
||||
| graphql.js:119:16:119:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:120:38:120:48 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:120:45:120:46 | id | semmle.label | id |
|
||||
| graphql.js:9:34:19:5 | ` // $ ... }\\n ` | semmle.label | ` // $ ... }\\n ` |
|
||||
| graphql.js:11:46:11:47 | id | semmle.label | id |
|
||||
| graphql.js:25:11:25:28 | id | semmle.label | id |
|
||||
| graphql.js:25:16:25:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:26:30:26:40 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:26:37:26:38 | id | semmle.label | id |
|
||||
| graphql.js:29:32:29:42 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:29:39:29:40 | id | semmle.label | id |
|
||||
| graphql.js:32:18:32:28 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:32:25:32:26 | id | semmle.label | id |
|
||||
| graphql.js:38:11:38:28 | id | semmle.label | id |
|
||||
| graphql.js:38:16:38:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:43:14:43:24 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:43:21:43:22 | id | semmle.label | id |
|
||||
| graphql.js:47:44:47:54 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:47:51:47:52 | id | semmle.label | id |
|
||||
| graphql.js:54:11:54:28 | id | semmle.label | id |
|
||||
| graphql.js:54:16:54:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:55:39:55:49 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:55:46:55:47 | id | semmle.label | id |
|
||||
| graphql.js:57:66:57:76 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:57:73:57:74 | id | semmle.label | id |
|
||||
| graphql.js:73:9:73:25 | id | semmle.label | id |
|
||||
| graphql.js:73:14:73:25 | req.query.id | semmle.label | req.query.id |
|
||||
| graphql.js:74:46:74:64 | "{ foo" + id + " }" | semmle.label | "{ foo" + id + " }" |
|
||||
| graphql.js:74:56:74:57 | id | semmle.label | id |
|
||||
| graphql.js:82:14:88:8 | `{ // $ ... }` | semmle.label | `{ // $ ... }` |
|
||||
| graphql.js:86:13:86:14 | id | semmle.label | id |
|
||||
| graphql.js:117:11:117:28 | id | semmle.label | id |
|
||||
| graphql.js:117:16:117:28 | req.params.id | semmle.label | req.params.id |
|
||||
| graphql.js:118:38:118:48 | `foo ${id}` | semmle.label | `foo ${id}` |
|
||||
| graphql.js:118:45:118:46 | id | semmle.label | id |
|
||||
| html-sanitizer.js:13:39:13:44 | param1 | semmle.label | param1 |
|
||||
| html-sanitizer.js:14:5:14:24 | param1 | semmle.label | param1 |
|
||||
| html-sanitizer.js:14:14:14:24 | xss(param1) | semmle.label | xss(param1) |
|
||||
@@ -84,125 +84,125 @@ nodes
|
||||
| marsdb-flow-to.js:10:17:10:18 | {} | semmle.label | {} |
|
||||
| marsdb-flow-to.js:11:17:11:24 | req.body | semmle.label | req.body |
|
||||
| marsdb-flow-to.js:11:17:11:30 | req.body.title | semmle.label | req.body.title |
|
||||
| marsdb-flow-to.js:14:17:14:21 | query | semmle.label | query |
|
||||
| marsdb-flow-to.js:13:17:13:21 | query | semmle.label | query |
|
||||
| marsdb.js:12:9:12:18 | query | semmle.label | query |
|
||||
| marsdb.js:12:17:12:18 | {} | semmle.label | {} |
|
||||
| marsdb.js:13:17:13:24 | req.body | semmle.label | req.body |
|
||||
| marsdb.js:13:17:13:30 | req.body.title | semmle.label | req.body.title |
|
||||
| marsdb.js:16:12:16:16 | query | semmle.label | query |
|
||||
| marsdb.js:15:12:15:16 | query | semmle.label | query |
|
||||
| minimongo.js:14:9:14:18 | query | semmle.label | query |
|
||||
| minimongo.js:14:17:14:18 | {} | semmle.label | {} |
|
||||
| minimongo.js:15:17:15:24 | req.body | semmle.label | req.body |
|
||||
| minimongo.js:15:17:15:30 | req.body.title | semmle.label | req.body.title |
|
||||
| minimongo.js:18:12:18:16 | query | semmle.label | query |
|
||||
| minimongo.js:17:12:17:16 | query | semmle.label | query |
|
||||
| mongodb.js:12:11:12:20 | query | semmle.label | query |
|
||||
| mongodb.js:12:19:12:20 | {} | semmle.label | {} |
|
||||
| mongodb.js:13:5:13:9 | query | semmle.label | query |
|
||||
| mongodb.js:13:19:13:26 | req.body | semmle.label | req.body |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | semmle.label | req.body.title |
|
||||
| mongodb.js:18:16:18:20 | query | semmle.label | query |
|
||||
| mongodb.js:26:11:26:32 | title | semmle.label | title |
|
||||
| mongodb.js:26:19:26:26 | req.body | semmle.label | req.body |
|
||||
| mongodb.js:26:19:26:32 | req.body.title | semmle.label | req.body.title |
|
||||
| mongodb.js:32:18:32:45 | { title ... itle) } | semmle.label | { title ... itle) } |
|
||||
| mongodb.js:32:27:32:43 | JSON.parse(title) | semmle.label | JSON.parse(title) |
|
||||
| mongodb.js:32:38:32:42 | title | semmle.label | title |
|
||||
| mongodb.js:48:11:48:20 | query | semmle.label | query |
|
||||
| mongodb.js:48:19:48:20 | {} | semmle.label | {} |
|
||||
| mongodb.js:49:5:49:9 | query | semmle.label | query |
|
||||
| mongodb.js:49:19:49:33 | req.query.title | semmle.label | req.query.title |
|
||||
| mongodb.js:54:16:54:20 | query | semmle.label | query |
|
||||
| mongodb.js:59:8:59:17 | query | semmle.label | query |
|
||||
| mongodb.js:59:16:59:17 | {} | semmle.label | {} |
|
||||
| mongodb.js:60:2:60:6 | query | semmle.label | query |
|
||||
| mongodb.js:60:16:60:30 | req.query.title | semmle.label | req.query.title |
|
||||
| mongodb.js:65:12:65:16 | query | semmle.label | query |
|
||||
| mongodb.js:70:7:70:25 | tag | semmle.label | tag |
|
||||
| mongodb.js:70:13:70:25 | req.query.tag | semmle.label | req.query.tag |
|
||||
| mongodb.js:77:14:77:26 | { tags: tag } | semmle.label | { tags: tag } |
|
||||
| mongodb.js:77:22:77:24 | tag | semmle.label | tag |
|
||||
| mongodb.js:85:12:85:24 | { tags: tag } | semmle.label | { tags: tag } |
|
||||
| mongodb.js:85:20:85:22 | tag | semmle.label | tag |
|
||||
| mongodb.js:106:9:106:18 | query | semmle.label | query |
|
||||
| mongodb.js:106:17:106:18 | {} | semmle.label | {} |
|
||||
| mongodb.js:107:3:107:7 | query | semmle.label | query |
|
||||
| mongodb.js:107:17:107:29 | queries.title | semmle.label | queries.title |
|
||||
| mongodb.js:112:14:112:18 | query | semmle.label | query |
|
||||
| mongodb.js:17:16:17:20 | query | semmle.label | query |
|
||||
| mongodb.js:25:11:25:32 | title | semmle.label | title |
|
||||
| mongodb.js:25:19:25:26 | req.body | semmle.label | req.body |
|
||||
| mongodb.js:25:19:25:32 | req.body.title | semmle.label | req.body.title |
|
||||
| mongodb.js:30:18:30:45 | { title ... itle) } | semmle.label | { title ... itle) } |
|
||||
| mongodb.js:30:27:30:43 | JSON.parse(title) | semmle.label | JSON.parse(title) |
|
||||
| mongodb.js:30:38:30:42 | title | semmle.label | title |
|
||||
| mongodb.js:46:11:46:20 | query | semmle.label | query |
|
||||
| mongodb.js:46:19:46:20 | {} | semmle.label | {} |
|
||||
| mongodb.js:47:5:47:9 | query | semmle.label | query |
|
||||
| mongodb.js:47:19:47:33 | req.query.title | semmle.label | req.query.title |
|
||||
| mongodb.js:51:16:51:20 | query | semmle.label | query |
|
||||
| mongodb.js:56:8:56:17 | query | semmle.label | query |
|
||||
| mongodb.js:56:16:56:17 | {} | semmle.label | {} |
|
||||
| mongodb.js:57:2:57:6 | query | semmle.label | query |
|
||||
| mongodb.js:57:16:57:30 | req.query.title | semmle.label | req.query.title |
|
||||
| mongodb.js:61:12:61:16 | query | semmle.label | query |
|
||||
| mongodb.js:66:7:66:25 | tag | semmle.label | tag |
|
||||
| mongodb.js:66:13:66:25 | req.query.tag | semmle.label | req.query.tag |
|
||||
| mongodb.js:72:14:72:26 | { tags: tag } | semmle.label | { tags: tag } |
|
||||
| mongodb.js:72:22:72:24 | tag | semmle.label | tag |
|
||||
| mongodb.js:79:12:79:24 | { tags: tag } | semmle.label | { tags: tag } |
|
||||
| mongodb.js:79:20:79:22 | tag | semmle.label | tag |
|
||||
| mongodb.js:100:9:100:18 | query | semmle.label | query |
|
||||
| mongodb.js:100:17:100:18 | {} | semmle.label | {} |
|
||||
| mongodb.js:101:3:101:7 | query | semmle.label | query |
|
||||
| mongodb.js:101:17:101:29 | queries.title | semmle.label | queries.title |
|
||||
| mongodb.js:105:14:105:18 | query | semmle.label | query |
|
||||
| mongodb_bodySafe.js:23:11:23:20 | query | semmle.label | query |
|
||||
| mongodb_bodySafe.js:23:19:23:20 | {} | semmle.label | {} |
|
||||
| mongodb_bodySafe.js:24:5:24:9 | query | semmle.label | query |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | semmle.label | req.query.title |
|
||||
| mongodb_bodySafe.js:29:16:29:20 | query | semmle.label | query |
|
||||
| mongodb_bodySafe.js:28:16:28:20 | query | semmle.label | query |
|
||||
| mongoose.js:20:8:20:17 | query | semmle.label | query |
|
||||
| mongoose.js:20:16:20:17 | {} | semmle.label | {} |
|
||||
| mongoose.js:21:2:21:6 | query | semmle.label | query |
|
||||
| mongoose.js:21:16:21:23 | req.body | semmle.label | req.body |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | semmle.label | req.body.title |
|
||||
| mongoose.js:24:21:24:27 | [query] | semmle.label | [query] |
|
||||
| mongoose.js:24:22:24:26 | query | semmle.label | query |
|
||||
| mongoose.js:27:17:27:21 | query | semmle.label | query |
|
||||
| mongoose.js:30:22:30:26 | query | semmle.label | query |
|
||||
| mongoose.js:33:21:33:25 | query | semmle.label | query |
|
||||
| mongoose.js:36:28:36:32 | query | semmle.label | query |
|
||||
| mongoose.js:39:16:39:20 | query | semmle.label | query |
|
||||
| mongoose.js:42:19:42:23 | query | semmle.label | query |
|
||||
| mongoose.js:45:28:45:32 | query | semmle.label | query |
|
||||
| mongoose.js:48:28:48:32 | query | semmle.label | query |
|
||||
| mongoose.js:51:28:51:32 | query | semmle.label | query |
|
||||
| mongoose.js:54:22:54:26 | query | semmle.label | query |
|
||||
| mongoose.js:57:18:57:22 | query | semmle.label | query |
|
||||
| mongoose.js:60:22:60:26 | query | semmle.label | query |
|
||||
| mongoose.js:63:21:63:25 | query | semmle.label | query |
|
||||
| mongoose.js:65:32:65:36 | query | semmle.label | query |
|
||||
| mongoose.js:67:27:67:31 | query | semmle.label | query |
|
||||
| mongoose.js:68:8:68:12 | query | semmle.label | query |
|
||||
| mongoose.js:71:17:71:21 | query | semmle.label | query |
|
||||
| mongoose.js:72:10:72:14 | query | semmle.label | query |
|
||||
| mongoose.js:73:8:73:12 | query | semmle.label | query |
|
||||
| mongoose.js:74:7:74:11 | query | semmle.label | query |
|
||||
| mongoose.js:75:16:75:20 | query | semmle.label | query |
|
||||
| mongoose.js:76:12:76:16 | query | semmle.label | query |
|
||||
| mongoose.js:77:10:77:14 | query | semmle.label | query |
|
||||
| mongoose.js:81:37:81:41 | query | semmle.label | query |
|
||||
| mongoose.js:23:21:23:27 | [query] | semmle.label | [query] |
|
||||
| mongoose.js:23:22:23:26 | query | semmle.label | query |
|
||||
| mongoose.js:25:17:25:21 | query | semmle.label | query |
|
||||
| mongoose.js:27:22:27:26 | query | semmle.label | query |
|
||||
| mongoose.js:29:21:29:25 | query | semmle.label | query |
|
||||
| mongoose.js:31:28:31:32 | query | semmle.label | query |
|
||||
| mongoose.js:33:16:33:20 | query | semmle.label | query |
|
||||
| mongoose.js:35:19:35:23 | query | semmle.label | query |
|
||||
| mongoose.js:37:28:37:32 | query | semmle.label | query |
|
||||
| mongoose.js:39:28:39:32 | query | semmle.label | query |
|
||||
| mongoose.js:41:28:41:32 | query | semmle.label | query |
|
||||
| mongoose.js:43:22:43:26 | query | semmle.label | query |
|
||||
| mongoose.js:45:18:45:22 | query | semmle.label | query |
|
||||
| mongoose.js:47:22:47:26 | query | semmle.label | query |
|
||||
| mongoose.js:49:21:49:25 | query | semmle.label | query |
|
||||
| mongoose.js:51:32:51:36 | query | semmle.label | query |
|
||||
| mongoose.js:53:27:53:31 | query | semmle.label | query |
|
||||
| mongoose.js:54:8:54:12 | query | semmle.label | query |
|
||||
| mongoose.js:57:17:57:21 | query | semmle.label | query |
|
||||
| mongoose.js:58:10:58:14 | query | semmle.label | query |
|
||||
| mongoose.js:59:8:59:12 | query | semmle.label | query |
|
||||
| mongoose.js:60:7:60:11 | query | semmle.label | query |
|
||||
| mongoose.js:61:16:61:20 | query | semmle.label | query |
|
||||
| mongoose.js:62:12:62:16 | query | semmle.label | query |
|
||||
| mongoose.js:63:10:63:14 | query | semmle.label | query |
|
||||
| mongoose.js:67:37:67:41 | query | semmle.label | query |
|
||||
| mongoose.js:68:46:68:50 | query | semmle.label | query |
|
||||
| mongoose.js:69:47:69:51 | query | semmle.label | query |
|
||||
| mongoose.js:71:46:71:50 | query | semmle.label | query |
|
||||
| mongoose.js:73:51:73:55 | query | semmle.label | query |
|
||||
| mongoose.js:75:46:75:50 | query | semmle.label | query |
|
||||
| mongoose.js:78:46:78:50 | query | semmle.label | query |
|
||||
| mongoose.js:80:51:80:55 | query | semmle.label | query |
|
||||
| mongoose.js:82:46:82:50 | query | semmle.label | query |
|
||||
| mongoose.js:83:47:83:51 | query | semmle.label | query |
|
||||
| mongoose.js:85:46:85:50 | query | semmle.label | query |
|
||||
| mongoose.js:87:51:87:55 | query | semmle.label | query |
|
||||
| mongoose.js:89:46:89:50 | query | semmle.label | query |
|
||||
| mongoose.js:92:46:92:50 | query | semmle.label | query |
|
||||
| mongoose.js:94:51:94:55 | query | semmle.label | query |
|
||||
| mongoose.js:96:46:96:50 | query | semmle.label | query |
|
||||
| mongoose.js:104:21:104:25 | query | semmle.label | query |
|
||||
| mongoose.js:111:14:111:18 | query | semmle.label | query |
|
||||
| mongoose.js:113:31:113:35 | query | semmle.label | query |
|
||||
| mongoose.js:115:6:115:22 | id | semmle.label | id |
|
||||
| mongoose.js:115:11:115:22 | req.query.id | semmle.label | req.query.id |
|
||||
| mongoose.js:115:25:115:45 | cond | semmle.label | cond |
|
||||
| mongoose.js:115:32:115:45 | req.query.cond | semmle.label | req.query.cond |
|
||||
| mongoose.js:116:22:116:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:117:21:117:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:118:21:118:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:119:18:119:21 | cond | semmle.label | cond |
|
||||
| mongoose.js:120:22:120:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:121:16:121:19 | cond | semmle.label | cond |
|
||||
| mongoose.js:122:19:122:22 | cond | semmle.label | cond |
|
||||
| mongoose.js:123:20:123:21 | id | semmle.label | id |
|
||||
| mongoose.js:124:28:124:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:125:28:125:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:126:28:126:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:127:18:127:21 | cond | semmle.label | cond |
|
||||
| mongoose.js:128:22:128:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:129:21:129:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:130:16:130:26 | { _id: id } | semmle.label | { _id: id } |
|
||||
| mongoose.js:130:23:130:24 | id | semmle.label | id |
|
||||
| mongoose.js:133:38:133:42 | query | semmle.label | query |
|
||||
| mongoose.js:136:30:136:34 | query | semmle.label | query |
|
||||
| mongoose.js:90:21:90:25 | query | semmle.label | query |
|
||||
| mongoose.js:97:14:97:18 | query | semmle.label | query |
|
||||
| mongoose.js:99:31:99:35 | query | semmle.label | query |
|
||||
| mongoose.js:101:6:101:22 | id | semmle.label | id |
|
||||
| mongoose.js:101:11:101:22 | req.query.id | semmle.label | req.query.id |
|
||||
| mongoose.js:101:25:101:45 | cond | semmle.label | cond |
|
||||
| mongoose.js:101:32:101:45 | req.query.cond | semmle.label | req.query.cond |
|
||||
| mongoose.js:102:22:102:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:103:21:103:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:104:21:104:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:105:18:105:21 | cond | semmle.label | cond |
|
||||
| mongoose.js:106:22:106:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:107:16:107:19 | cond | semmle.label | cond |
|
||||
| mongoose.js:108:19:108:22 | cond | semmle.label | cond |
|
||||
| mongoose.js:109:20:109:21 | id | semmle.label | id |
|
||||
| mongoose.js:110:28:110:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:111:28:111:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:112:28:112:31 | cond | semmle.label | cond |
|
||||
| mongoose.js:113:18:113:21 | cond | semmle.label | cond |
|
||||
| mongoose.js:114:22:114:25 | cond | semmle.label | cond |
|
||||
| mongoose.js:115:21:115:24 | cond | semmle.label | cond |
|
||||
| mongoose.js:116:16:116:26 | { _id: id } | semmle.label | { _id: id } |
|
||||
| mongoose.js:116:23:116:24 | id | semmle.label | id |
|
||||
| mongoose.js:119:38:119:42 | query | semmle.label | query |
|
||||
| mongoose.js:122:30:122:34 | query | semmle.label | query |
|
||||
| mongooseJsonParse.js:19:11:19:20 | query | semmle.label | query |
|
||||
| mongooseJsonParse.js:19:19:19:20 | {} | semmle.label | {} |
|
||||
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) |
|
||||
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | semmle.label | JSON.pa ... ).title |
|
||||
| mongooseJsonParse.js:20:30:20:43 | req.query.data | semmle.label | req.query.data |
|
||||
| mongooseJsonParse.js:23:19:23:23 | query | semmle.label | query |
|
||||
| mongooseJsonParse.js:22:19:22:23 | query | semmle.label | query |
|
||||
| mongooseModelClient.js:10:7:10:32 | v | semmle.label | v |
|
||||
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) |
|
||||
| mongooseModelClient.js:10:22:10:29 | req.body | semmle.label | req.body |
|
||||
@@ -268,8 +268,8 @@ nodes
|
||||
| socketio.js:10:25:10:30 | handle | semmle.label | handle |
|
||||
| socketio.js:11:12:11:53 | `INSERT ... andle}` | semmle.label | `INSERT ... andle}` |
|
||||
| socketio.js:11:46:11:51 | handle | semmle.label | handle |
|
||||
| tst2.js:9:27:9:84 | "select ... d + "'" | semmle.label | "select ... d + "'" |
|
||||
| tst2.js:9:66:9:78 | req.params.id | semmle.label | req.params.id |
|
||||
| tst2.js:8:27:8:84 | "select ... d + "'" | semmle.label | "select ... d + "'" |
|
||||
| tst2.js:8:66:8:78 | req.params.id | semmle.label | req.params.id |
|
||||
| tst3.js:7:7:8:55 | query1 | semmle.label | query1 |
|
||||
| tst3.js:8:16:8:34 | req.params.category | semmle.label | req.params.category |
|
||||
| tst3.js:9:14:9:19 | query1 | semmle.label | query1 |
|
||||
@@ -278,34 +278,34 @@ nodes
|
||||
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' |
|
||||
| tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id |
|
||||
edges
|
||||
| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | provenance | |
|
||||
| graphql.js:8:11:8:28 | id | graphql.js:11:46:11:47 | id | provenance | |
|
||||
| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | provenance | |
|
||||
| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | provenance | |
|
||||
| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | provenance | |
|
||||
| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | provenance | |
|
||||
| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | provenance | |
|
||||
| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | provenance | |
|
||||
| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | provenance | |
|
||||
| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | provenance | |
|
||||
| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | provenance | |
|
||||
| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | provenance | |
|
||||
| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | provenance | |
|
||||
| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | provenance | |
|
||||
| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | provenance | |
|
||||
| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | provenance | |
|
||||
| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | provenance | |
|
||||
| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | provenance | |
|
||||
| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | provenance | |
|
||||
| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | provenance | |
|
||||
| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | provenance | |
|
||||
| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | provenance | |
|
||||
| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | provenance | |
|
||||
| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | provenance | |
|
||||
| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | provenance | |
|
||||
| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | provenance | |
|
||||
| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | provenance | |
|
||||
| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | provenance | |
|
||||
| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | provenance | |
|
||||
| graphql.js:11:46:11:47 | id | graphql.js:9:34:19:5 | ` // $ ... }\\n ` | provenance | |
|
||||
| graphql.js:25:11:25:28 | id | graphql.js:26:37:26:38 | id | provenance | |
|
||||
| graphql.js:25:11:25:28 | id | graphql.js:29:39:29:40 | id | provenance | |
|
||||
| graphql.js:25:11:25:28 | id | graphql.js:32:25:32:26 | id | provenance | |
|
||||
| graphql.js:25:16:25:28 | req.params.id | graphql.js:25:11:25:28 | id | provenance | |
|
||||
| graphql.js:26:37:26:38 | id | graphql.js:26:30:26:40 | `foo ${id}` | provenance | |
|
||||
| graphql.js:29:39:29:40 | id | graphql.js:29:32:29:42 | `foo ${id}` | provenance | |
|
||||
| graphql.js:32:25:32:26 | id | graphql.js:32:18:32:28 | `foo ${id}` | provenance | |
|
||||
| graphql.js:38:11:38:28 | id | graphql.js:43:21:43:22 | id | provenance | |
|
||||
| graphql.js:38:11:38:28 | id | graphql.js:47:51:47:52 | id | provenance | |
|
||||
| graphql.js:38:16:38:28 | req.params.id | graphql.js:38:11:38:28 | id | provenance | |
|
||||
| graphql.js:43:21:43:22 | id | graphql.js:43:14:43:24 | `foo ${id}` | provenance | |
|
||||
| graphql.js:47:51:47:52 | id | graphql.js:47:44:47:54 | `foo ${id}` | provenance | |
|
||||
| graphql.js:54:11:54:28 | id | graphql.js:55:46:55:47 | id | provenance | |
|
||||
| graphql.js:54:11:54:28 | id | graphql.js:57:73:57:74 | id | provenance | |
|
||||
| graphql.js:54:16:54:28 | req.params.id | graphql.js:54:11:54:28 | id | provenance | |
|
||||
| graphql.js:55:46:55:47 | id | graphql.js:55:39:55:49 | `foo ${id}` | provenance | |
|
||||
| graphql.js:57:73:57:74 | id | graphql.js:57:66:57:76 | `foo ${id}` | provenance | |
|
||||
| graphql.js:73:9:73:25 | id | graphql.js:74:56:74:57 | id | provenance | |
|
||||
| graphql.js:73:9:73:25 | id | graphql.js:86:13:86:14 | id | provenance | |
|
||||
| graphql.js:73:14:73:25 | req.query.id | graphql.js:73:9:73:25 | id | provenance | |
|
||||
| graphql.js:74:56:74:57 | id | graphql.js:74:46:74:64 | "{ foo" + id + " }" | provenance | |
|
||||
| graphql.js:86:13:86:14 | id | graphql.js:82:14:88:8 | `{ // $ ... }` | provenance | |
|
||||
| graphql.js:117:11:117:28 | id | graphql.js:118:45:118:46 | id | provenance | |
|
||||
| graphql.js:117:16:117:28 | req.params.id | graphql.js:117:11:117:28 | id | provenance | |
|
||||
| graphql.js:118:45:118:46 | id | graphql.js:118:38:118:48 | `foo ${id}` | provenance | |
|
||||
| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | provenance | |
|
||||
| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | provenance | |
|
||||
| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | provenance | |
|
||||
@@ -351,209 +351,209 @@ edges
|
||||
| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | |
|
||||
| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | provenance | Config |
|
||||
| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | provenance | |
|
||||
| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | provenance | |
|
||||
| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:13:17:13:21 | query | provenance | |
|
||||
| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | provenance | |
|
||||
| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | provenance | Config |
|
||||
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | provenance | Config |
|
||||
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | provenance | Config |
|
||||
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | provenance | Config |
|
||||
| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | provenance | |
|
||||
| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:13:17:13:21 | query | provenance | Config |
|
||||
| marsdb.js:12:9:12:18 | query | marsdb.js:15:12:15:16 | query | provenance | |
|
||||
| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | provenance | |
|
||||
| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | provenance | Config |
|
||||
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | provenance | Config |
|
||||
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | provenance | Config |
|
||||
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | provenance | Config |
|
||||
| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | provenance | |
|
||||
| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:15:12:15:16 | query | provenance | Config |
|
||||
| minimongo.js:14:9:14:18 | query | minimongo.js:17:12:17:16 | query | provenance | |
|
||||
| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | provenance | |
|
||||
| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | provenance | Config |
|
||||
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | provenance | Config |
|
||||
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | provenance | Config |
|
||||
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | provenance | Config |
|
||||
| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:17:12:17:16 | query | provenance | Config |
|
||||
| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | provenance | |
|
||||
| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | provenance | |
|
||||
| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | provenance | |
|
||||
| mongodb.js:13:5:13:9 | query | mongodb.js:17:16:17:20 | query | provenance | |
|
||||
| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | provenance | Config |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | provenance | Config |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | provenance | Config |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | provenance | Config |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | provenance | Config |
|
||||
| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | provenance | |
|
||||
| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | provenance | Config |
|
||||
| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | provenance | |
|
||||
| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | provenance | Config |
|
||||
| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | provenance | Config |
|
||||
| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | provenance | |
|
||||
| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | provenance | |
|
||||
| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | provenance | |
|
||||
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | provenance | Config |
|
||||
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | provenance | Config |
|
||||
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | provenance | Config |
|
||||
| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | provenance | Config |
|
||||
| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | provenance | |
|
||||
| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | provenance | |
|
||||
| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | provenance | |
|
||||
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | provenance | Config |
|
||||
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | provenance | Config |
|
||||
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | provenance | Config |
|
||||
| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | provenance | Config |
|
||||
| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | provenance | |
|
||||
| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | provenance | |
|
||||
| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | provenance | |
|
||||
| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | provenance | Config |
|
||||
| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | provenance | Config |
|
||||
| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | provenance | |
|
||||
| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | provenance | |
|
||||
| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | provenance | |
|
||||
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | provenance | Config |
|
||||
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | provenance | Config |
|
||||
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | provenance | Config |
|
||||
| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | provenance | Config |
|
||||
| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:17:16:17:20 | query | provenance | Config |
|
||||
| mongodb.js:25:11:25:32 | title | mongodb.js:30:38:30:42 | title | provenance | |
|
||||
| mongodb.js:25:19:25:26 | req.body | mongodb.js:25:19:25:32 | req.body.title | provenance | Config |
|
||||
| mongodb.js:25:19:25:32 | req.body.title | mongodb.js:25:11:25:32 | title | provenance | |
|
||||
| mongodb.js:30:27:30:43 | JSON.parse(title) | mongodb.js:30:18:30:45 | { title ... itle) } | provenance | Config |
|
||||
| mongodb.js:30:38:30:42 | title | mongodb.js:30:27:30:43 | JSON.parse(title) | provenance | Config |
|
||||
| mongodb.js:46:11:46:20 | query | mongodb.js:47:5:47:9 | query | provenance | |
|
||||
| mongodb.js:46:19:46:20 | {} | mongodb.js:46:11:46:20 | query | provenance | |
|
||||
| mongodb.js:47:5:47:9 | query | mongodb.js:51:16:51:20 | query | provenance | |
|
||||
| mongodb.js:47:19:47:33 | req.query.title | mongodb.js:46:11:46:20 | query | provenance | Config |
|
||||
| mongodb.js:47:19:47:33 | req.query.title | mongodb.js:46:19:46:20 | {} | provenance | Config |
|
||||
| mongodb.js:47:19:47:33 | req.query.title | mongodb.js:47:5:47:9 | query | provenance | Config |
|
||||
| mongodb.js:47:19:47:33 | req.query.title | mongodb.js:51:16:51:20 | query | provenance | Config |
|
||||
| mongodb.js:56:8:56:17 | query | mongodb.js:57:2:57:6 | query | provenance | |
|
||||
| mongodb.js:56:16:56:17 | {} | mongodb.js:56:8:56:17 | query | provenance | |
|
||||
| mongodb.js:57:2:57:6 | query | mongodb.js:61:12:61:16 | query | provenance | |
|
||||
| mongodb.js:57:16:57:30 | req.query.title | mongodb.js:56:8:56:17 | query | provenance | Config |
|
||||
| mongodb.js:57:16:57:30 | req.query.title | mongodb.js:56:16:56:17 | {} | provenance | Config |
|
||||
| mongodb.js:57:16:57:30 | req.query.title | mongodb.js:57:2:57:6 | query | provenance | Config |
|
||||
| mongodb.js:57:16:57:30 | req.query.title | mongodb.js:61:12:61:16 | query | provenance | Config |
|
||||
| mongodb.js:66:7:66:25 | tag | mongodb.js:72:22:72:24 | tag | provenance | |
|
||||
| mongodb.js:66:7:66:25 | tag | mongodb.js:79:20:79:22 | tag | provenance | |
|
||||
| mongodb.js:66:13:66:25 | req.query.tag | mongodb.js:66:7:66:25 | tag | provenance | |
|
||||
| mongodb.js:72:22:72:24 | tag | mongodb.js:72:14:72:26 | { tags: tag } | provenance | Config |
|
||||
| mongodb.js:79:20:79:22 | tag | mongodb.js:79:12:79:24 | { tags: tag } | provenance | Config |
|
||||
| mongodb.js:100:9:100:18 | query | mongodb.js:101:3:101:7 | query | provenance | |
|
||||
| mongodb.js:100:17:100:18 | {} | mongodb.js:100:9:100:18 | query | provenance | |
|
||||
| mongodb.js:101:3:101:7 | query | mongodb.js:105:14:105:18 | query | provenance | |
|
||||
| mongodb.js:101:17:101:29 | queries.title | mongodb.js:100:9:100:18 | query | provenance | Config |
|
||||
| mongodb.js:101:17:101:29 | queries.title | mongodb.js:100:17:100:18 | {} | provenance | Config |
|
||||
| mongodb.js:101:17:101:29 | queries.title | mongodb.js:101:3:101:7 | query | provenance | Config |
|
||||
| mongodb.js:101:17:101:29 | queries.title | mongodb.js:105:14:105:18 | query | provenance | Config |
|
||||
| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | provenance | |
|
||||
| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | provenance | |
|
||||
| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | provenance | |
|
||||
| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:28:16:28:20 | query | provenance | |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | provenance | Config |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | provenance | Config |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | provenance | Config |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | provenance | Config |
|
||||
| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:28:16:28:20 | query | provenance | Config |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:23:22:23:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:25:17:25:21 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:27:22:27:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:29:21:29:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:31:28:31:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:33:16:33:20 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:35:19:35:23 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:37:28:37:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:39:28:39:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:41:28:41:32 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:43:22:43:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:45:18:45:22 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:47:22:47:26 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:49:21:49:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:51:32:51:36 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:53:27:53:31 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:54:8:54:12 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:57:17:57:21 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:58:10:58:14 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:59:8:59:12 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:60:7:60:11 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:61:16:61:20 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:62:12:62:16 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:63:10:63:14 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:67:37:67:41 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:68:46:68:50 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:69:47:69:51 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:90:21:90:25 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:97:14:97:18 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:99:31:99:35 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:119:38:119:42 | query | provenance | |
|
||||
| mongoose.js:20:8:20:17 | query | mongoose.js:122:30:122:34 | query | provenance | |
|
||||
| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | provenance | |
|
||||
| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | provenance | |
|
||||
| mongoose.js:21:2:21:6 | query | mongoose.js:23:22:23:26 | query | provenance | |
|
||||
| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:23:22:23:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:25:17:25:21 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:22:27:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:29:21:29:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:31:28:31:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:16:33:20 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:35:19:35:23 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:37:28:37:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:28:39:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:41:28:41:32 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:43:22:43:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:18:45:22 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:47:22:47:26 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:49:21:49:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:32:51:36 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:53:27:53:31 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:8:54:12 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:17:57:21 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:58:10:58:14 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:59:8:59:12 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:7:60:11 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:61:16:61:20 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:62:12:62:16 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:10:63:14 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:37:67:41 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:46:68:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:69:47:69:51 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:46:71:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:51:73:55 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:46:75:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:78:46:78:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:80:51:80:55 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | provenance | Config |
|
||||
| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | provenance | Config |
|
||||
| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | provenance | |
|
||||
| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | provenance | |
|
||||
| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | provenance | |
|
||||
| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | provenance | |
|
||||
| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | provenance | |
|
||||
| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | provenance | |
|
||||
| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | provenance | |
|
||||
| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | provenance | |
|
||||
| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | provenance | |
|
||||
| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | provenance | |
|
||||
| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | provenance | |
|
||||
| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | provenance | |
|
||||
| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | provenance | |
|
||||
| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | provenance | |
|
||||
| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | provenance | |
|
||||
| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | provenance | |
|
||||
| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | provenance | |
|
||||
| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | provenance | |
|
||||
| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | provenance | |
|
||||
| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | provenance | |
|
||||
| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | provenance | |
|
||||
| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | provenance | |
|
||||
| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | provenance | |
|
||||
| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | provenance | |
|
||||
| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | provenance | |
|
||||
| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | provenance | |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | provenance | |
|
||||
| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | provenance | |
|
||||
| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | provenance | |
|
||||
| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | provenance | |
|
||||
| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | provenance | |
|
||||
| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | provenance | |
|
||||
| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | provenance | |
|
||||
| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | provenance | |
|
||||
| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | provenance | |
|
||||
| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | provenance | Config |
|
||||
| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | provenance | |
|
||||
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | provenance | |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:90:21:90:25 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:97:14:97:18 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:99:31:99:35 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:119:38:119:42 | query | provenance | Config |
|
||||
| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:122:30:122:34 | query | provenance | Config |
|
||||
| mongoose.js:23:22:23:26 | query | mongoose.js:23:21:23:27 | [query] | provenance | Config |
|
||||
| mongoose.js:23:22:23:26 | query | mongoose.js:25:17:25:21 | query | provenance | |
|
||||
| mongoose.js:25:17:25:21 | query | mongoose.js:27:22:27:26 | query | provenance | |
|
||||
| mongoose.js:27:22:27:26 | query | mongoose.js:29:21:29:25 | query | provenance | |
|
||||
| mongoose.js:29:21:29:25 | query | mongoose.js:31:28:31:32 | query | provenance | |
|
||||
| mongoose.js:31:28:31:32 | query | mongoose.js:33:16:33:20 | query | provenance | |
|
||||
| mongoose.js:33:16:33:20 | query | mongoose.js:35:19:35:23 | query | provenance | |
|
||||
| mongoose.js:35:19:35:23 | query | mongoose.js:37:28:37:32 | query | provenance | |
|
||||
| mongoose.js:37:28:37:32 | query | mongoose.js:39:28:39:32 | query | provenance | |
|
||||
| mongoose.js:39:28:39:32 | query | mongoose.js:41:28:41:32 | query | provenance | |
|
||||
| mongoose.js:41:28:41:32 | query | mongoose.js:43:22:43:26 | query | provenance | |
|
||||
| mongoose.js:43:22:43:26 | query | mongoose.js:45:18:45:22 | query | provenance | |
|
||||
| mongoose.js:45:18:45:22 | query | mongoose.js:47:22:47:26 | query | provenance | |
|
||||
| mongoose.js:47:22:47:26 | query | mongoose.js:49:21:49:25 | query | provenance | |
|
||||
| mongoose.js:49:21:49:25 | query | mongoose.js:51:32:51:36 | query | provenance | |
|
||||
| mongoose.js:51:32:51:36 | query | mongoose.js:53:27:53:31 | query | provenance | |
|
||||
| mongoose.js:53:27:53:31 | query | mongoose.js:54:8:54:12 | query | provenance | |
|
||||
| mongoose.js:54:8:54:12 | query | mongoose.js:57:17:57:21 | query | provenance | |
|
||||
| mongoose.js:57:17:57:21 | query | mongoose.js:58:10:58:14 | query | provenance | |
|
||||
| mongoose.js:58:10:58:14 | query | mongoose.js:59:8:59:12 | query | provenance | |
|
||||
| mongoose.js:59:8:59:12 | query | mongoose.js:60:7:60:11 | query | provenance | |
|
||||
| mongoose.js:60:7:60:11 | query | mongoose.js:61:16:61:20 | query | provenance | |
|
||||
| mongoose.js:61:16:61:20 | query | mongoose.js:62:12:62:16 | query | provenance | |
|
||||
| mongoose.js:62:12:62:16 | query | mongoose.js:63:10:63:14 | query | provenance | |
|
||||
| mongoose.js:63:10:63:14 | query | mongoose.js:67:37:67:41 | query | provenance | |
|
||||
| mongoose.js:67:37:67:41 | query | mongoose.js:68:46:68:50 | query | provenance | |
|
||||
| mongoose.js:68:46:68:50 | query | mongoose.js:69:47:69:51 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:71:46:71:50 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:73:51:73:55 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:75:46:75:50 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:78:46:78:50 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:80:51:80:55 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:82:46:82:50 | query | provenance | |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:90:21:90:25 | query | provenance | |
|
||||
| mongoose.js:90:21:90:25 | query | mongoose.js:97:14:97:18 | query | provenance | |
|
||||
| mongoose.js:97:14:97:18 | query | mongoose.js:99:31:99:35 | query | provenance | |
|
||||
| mongoose.js:99:31:99:35 | query | mongoose.js:119:38:119:42 | query | provenance | |
|
||||
| mongoose.js:101:6:101:22 | id | mongoose.js:109:20:109:21 | id | provenance | |
|
||||
| mongoose.js:101:6:101:22 | id | mongoose.js:116:23:116:24 | id | provenance | |
|
||||
| mongoose.js:101:11:101:22 | req.query.id | mongoose.js:101:6:101:22 | id | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:102:22:102:25 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:103:21:103:24 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:104:21:104:24 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:105:18:105:21 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:106:22:106:25 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:107:16:107:19 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:108:19:108:22 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:110:28:110:31 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:111:28:111:31 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:112:28:112:31 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:113:18:113:21 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:114:22:114:25 | cond | provenance | |
|
||||
| mongoose.js:101:25:101:45 | cond | mongoose.js:115:21:115:24 | cond | provenance | |
|
||||
| mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:101:25:101:45 | cond | provenance | |
|
||||
| mongoose.js:116:23:116:24 | id | mongoose.js:116:16:116:26 | { _id: id } | provenance | Config |
|
||||
| mongoose.js:119:38:119:42 | query | mongoose.js:122:30:122:34 | query | provenance | |
|
||||
| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:22:19:22:23 | query | provenance | |
|
||||
| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | provenance | |
|
||||
| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | provenance | Config |
|
||||
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | provenance | Config |
|
||||
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | provenance | Config |
|
||||
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | provenance | Config |
|
||||
| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:22:19:22:23 | query | provenance | Config |
|
||||
| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | provenance | Config |
|
||||
| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | provenance | |
|
||||
| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | provenance | |
|
||||
@@ -621,24 +621,24 @@ edges
|
||||
| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | provenance | |
|
||||
| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | provenance | |
|
||||
| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | provenance | |
|
||||
| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | provenance | |
|
||||
| tst2.js:8:66:8:78 | req.params.id | tst2.js:8:27:8:84 | "select ... d + "'" | provenance | |
|
||||
| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | provenance | |
|
||||
| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | provenance | |
|
||||
| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | provenance | |
|
||||
| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | provenance | |
|
||||
subpaths
|
||||
#select
|
||||
| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value |
|
||||
| graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
|
||||
| graphql.js:30:32:30:42 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:30:32:30:42 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
|
||||
| graphql.js:33:18:33:28 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:33:18:33:28 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value |
|
||||
| graphql.js:44:14:44:24 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:44:14:44:24 | `foo ${id}` | This query string depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value |
|
||||
| graphql.js:48:44:48:54 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:48:44:48:54 | `foo ${id}` | This query string depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value |
|
||||
| graphql.js:56:39:56:49 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:56:39:56:49 | `foo ${id}` | This query string depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value |
|
||||
| graphql.js:58:66:58:76 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:58:66:58:76 | `foo ${id}` | This query string depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value |
|
||||
| graphql.js:75:46:75:64 | "{ foo" + id + " }" | graphql.js:74:14:74:25 | req.query.id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | This query string depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value |
|
||||
| graphql.js:84:14:90:8 | `{\\n ... }` | graphql.js:74:14:74:25 | req.query.id | graphql.js:84:14:90:8 | `{\\n ... }` | This query string depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value |
|
||||
| graphql.js:120:38:120:48 | `foo ${id}` | graphql.js:119:16:119:28 | req.params.id | graphql.js:120:38:120:48 | `foo ${id}` | This query string depends on a $@. | graphql.js:119:16:119:28 | req.params.id | user-provided value |
|
||||
| graphql.js:9:34:19:5 | ` // $ ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:9:34:19:5 | ` // $ ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value |
|
||||
| graphql.js:26:30:26:40 | `foo ${id}` | graphql.js:25:16:25:28 | req.params.id | graphql.js:26:30:26:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:25:16:25:28 | req.params.id | user-provided value |
|
||||
| graphql.js:29:32:29:42 | `foo ${id}` | graphql.js:25:16:25:28 | req.params.id | graphql.js:29:32:29:42 | `foo ${id}` | This query string depends on a $@. | graphql.js:25:16:25:28 | req.params.id | user-provided value |
|
||||
| graphql.js:32:18:32:28 | `foo ${id}` | graphql.js:25:16:25:28 | req.params.id | graphql.js:32:18:32:28 | `foo ${id}` | This query string depends on a $@. | graphql.js:25:16:25:28 | req.params.id | user-provided value |
|
||||
| graphql.js:43:14:43:24 | `foo ${id}` | graphql.js:38:16:38:28 | req.params.id | graphql.js:43:14:43:24 | `foo ${id}` | This query string depends on a $@. | graphql.js:38:16:38:28 | req.params.id | user-provided value |
|
||||
| graphql.js:47:44:47:54 | `foo ${id}` | graphql.js:38:16:38:28 | req.params.id | graphql.js:47:44:47:54 | `foo ${id}` | This query string depends on a $@. | graphql.js:38:16:38:28 | req.params.id | user-provided value |
|
||||
| graphql.js:55:39:55:49 | `foo ${id}` | graphql.js:54:16:54:28 | req.params.id | graphql.js:55:39:55:49 | `foo ${id}` | This query string depends on a $@. | graphql.js:54:16:54:28 | req.params.id | user-provided value |
|
||||
| graphql.js:57:66:57:76 | `foo ${id}` | graphql.js:54:16:54:28 | req.params.id | graphql.js:57:66:57:76 | `foo ${id}` | This query string depends on a $@. | graphql.js:54:16:54:28 | req.params.id | user-provided value |
|
||||
| graphql.js:74:46:74:64 | "{ foo" + id + " }" | graphql.js:73:14:73:25 | req.query.id | graphql.js:74:46:74:64 | "{ foo" + id + " }" | This query string depends on a $@. | graphql.js:73:14:73:25 | req.query.id | user-provided value |
|
||||
| graphql.js:82:14:88:8 | `{ // $ ... }` | graphql.js:73:14:73:25 | req.query.id | graphql.js:82:14:88:8 | `{ // $ ... }` | This query string depends on a $@. | graphql.js:73:14:73:25 | req.query.id | user-provided value |
|
||||
| graphql.js:118:38:118:48 | `foo ${id}` | graphql.js:117:16:117:28 | req.params.id | graphql.js:118:38:118:48 | `foo ${id}` | This query string depends on a $@. | graphql.js:117:16:117:28 | req.params.id | user-provided value |
|
||||
| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | This query string depends on a $@. | html-sanitizer.js:13:39:13:44 | param1 | user-provided value |
|
||||
| json-schema-validator.js:33:22:33:26 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:33:22:33:26 | query | This query object depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value |
|
||||
| json-schema-validator.js:35:18:35:22 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:35:18:35:22 | query | This query object depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value |
|
||||
@@ -650,67 +650,67 @@ subpaths
|
||||
| ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
|
||||
| ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
|
||||
| ldap.js:68:27:68:42 | `cn=${username}` | ldap.js:20:21:20:27 | req.url | ldap.js:68:27:68:42 | `cn=${username}` | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value |
|
||||
| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query object depends on a $@. | marsdb-flow-to.js:11:17:11:24 | req.body | user-provided value |
|
||||
| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query object depends on a $@. | marsdb.js:13:17:13:24 | req.body | user-provided value |
|
||||
| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query object depends on a $@. | minimongo.js:15:17:15:24 | req.body | user-provided value |
|
||||
| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query object depends on a $@. | mongodb.js:13:19:13:26 | req.body | user-provided value |
|
||||
| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query object depends on a $@. | mongodb.js:26:19:26:26 | req.body | user-provided value |
|
||||
| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query object depends on a $@. | mongodb.js:49:19:49:33 | req.query.title | user-provided value |
|
||||
| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query object depends on a $@. | mongodb.js:60:16:60:30 | req.query.title | user-provided value |
|
||||
| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query object depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value |
|
||||
| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query object depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value |
|
||||
| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query object depends on a $@. | mongodb.js:107:17:107:29 | queries.title | user-provided value |
|
||||
| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query object depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value |
|
||||
| mongoose.js:24:21:24:27 | [query] | mongoose.js:21:16:21:23 | req.body | mongoose.js:24:21:24:27 | [query] | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:27:17:27:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:27:17:27:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:30:22:30:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:30:22:30:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:33:21:33:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:33:21:33:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:36:28:36:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:36:28:36:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:39:16:39:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:39:16:39:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:42:19:42:23 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:42:19:42:23 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:45:28:45:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:45:28:45:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:48:28:48:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:48:28:48:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:51:28:51:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:51:28:51:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:54:22:54:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:54:22:54:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:57:18:57:22 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:57:18:57:22 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:60:22:60:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:60:22:60:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:63:21:63:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:63:21:63:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:65:32:65:36 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:65:32:65:36 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:67:27:67:31 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:67:27:67:31 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:68:8:68:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:68:8:68:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:71:17:71:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:71:17:71:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:72:10:72:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:72:10:72:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:73:8:73:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:73:8:73:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:74:7:74:11 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:74:7:74:11 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:75:16:75:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:75:16:75:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:77:10:77:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:77:10:77:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| marsdb-flow-to.js:13:17:13:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:13:17:13:21 | query | This query object depends on a $@. | marsdb-flow-to.js:11:17:11:24 | req.body | user-provided value |
|
||||
| marsdb.js:15:12:15:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:15:12:15:16 | query | This query object depends on a $@. | marsdb.js:13:17:13:24 | req.body | user-provided value |
|
||||
| minimongo.js:17:12:17:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:17:12:17:16 | query | This query object depends on a $@. | minimongo.js:15:17:15:24 | req.body | user-provided value |
|
||||
| mongodb.js:17:16:17:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:17:16:17:20 | query | This query object depends on a $@. | mongodb.js:13:19:13:26 | req.body | user-provided value |
|
||||
| mongodb.js:30:18:30:45 | { title ... itle) } | mongodb.js:25:19:25:26 | req.body | mongodb.js:30:18:30:45 | { title ... itle) } | This query object depends on a $@. | mongodb.js:25:19:25:26 | req.body | user-provided value |
|
||||
| mongodb.js:51:16:51:20 | query | mongodb.js:47:19:47:33 | req.query.title | mongodb.js:51:16:51:20 | query | This query object depends on a $@. | mongodb.js:47:19:47:33 | req.query.title | user-provided value |
|
||||
| mongodb.js:61:12:61:16 | query | mongodb.js:57:16:57:30 | req.query.title | mongodb.js:61:12:61:16 | query | This query object depends on a $@. | mongodb.js:57:16:57:30 | req.query.title | user-provided value |
|
||||
| mongodb.js:72:14:72:26 | { tags: tag } | mongodb.js:66:13:66:25 | req.query.tag | mongodb.js:72:14:72:26 | { tags: tag } | This query object depends on a $@. | mongodb.js:66:13:66:25 | req.query.tag | user-provided value |
|
||||
| mongodb.js:79:12:79:24 | { tags: tag } | mongodb.js:66:13:66:25 | req.query.tag | mongodb.js:79:12:79:24 | { tags: tag } | This query object depends on a $@. | mongodb.js:66:13:66:25 | req.query.tag | user-provided value |
|
||||
| mongodb.js:105:14:105:18 | query | mongodb.js:101:17:101:29 | queries.title | mongodb.js:105:14:105:18 | query | This query object depends on a $@. | mongodb.js:101:17:101:29 | queries.title | user-provided value |
|
||||
| mongodb_bodySafe.js:28:16:28:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:28:16:28:20 | query | This query object depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value |
|
||||
| mongoose.js:23:21:23:27 | [query] | mongoose.js:21:16:21:23 | req.body | mongoose.js:23:21:23:27 | [query] | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:25:17:25:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:25:17:25:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:27:22:27:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:27:22:27:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:29:21:29:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:29:21:29:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:31:28:31:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:31:28:31:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:33:16:33:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:33:16:33:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:35:19:35:23 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:35:19:35:23 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:37:28:37:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:37:28:37:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:39:28:39:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:39:28:39:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:41:28:41:32 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:41:28:41:32 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:43:22:43:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:43:22:43:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:45:18:45:22 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:45:18:45:22 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:47:22:47:26 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:47:22:47:26 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:49:21:49:25 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:49:21:49:25 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:51:32:51:36 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:51:32:51:36 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:53:27:53:31 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:53:27:53:31 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:54:8:54:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:54:8:54:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:57:17:57:21 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:57:17:57:21 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:58:10:58:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:58:10:58:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:59:8:59:12 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:59:8:59:12 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:60:7:60:11 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:60:7:60:11 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:61:16:61:20 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:61:16:61:20 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:63:10:63:14 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:63:10:63:14 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:68:46:68:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:68:46:68:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:69:47:69:51 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:69:47:69:51 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:71:46:71:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:71:46:71:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:73:51:73:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:73:51:73:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:75:46:75:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:75:46:75:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:78:46:78:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:78:46:78:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:80:51:80:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:80:51:80:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:82:46:82:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:82:46:82:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:83:47:83:51 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:83:47:83:51 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:85:46:85:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:85:46:85:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:87:51:87:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:87:51:87:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:89:46:89:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:89:46:89:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:92:46:92:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:92:46:92:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:94:51:94:55 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:94:51:94:55 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:96:46:96:50 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:96:46:96:50 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:111:14:111:18 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:111:14:111:18 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:113:31:113:35 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:113:31:113:35 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value |
|
||||
| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value |
|
||||
| mongoose.js:136:30:136:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:136:30:136:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value |
|
||||
| mongoose.js:97:14:97:18 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:97:14:97:18 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:99:31:99:35 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:99:31:99:35 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongoose.js:102:22:102:25 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:102:22:102:25 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:103:21:103:24 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:103:21:103:24 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:104:21:104:24 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:104:21:104:24 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:105:18:105:21 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:105:18:105:21 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:106:22:106:25 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:106:22:106:25 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:107:16:107:19 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:107:16:107:19 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:108:19:108:22 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:108:19:108:22 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:109:20:109:21 | id | mongoose.js:101:11:101:22 | req.query.id | mongoose.js:109:20:109:21 | id | This query object depends on a $@. | mongoose.js:101:11:101:22 | req.query.id | user-provided value |
|
||||
| mongoose.js:110:28:110:31 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:110:28:110:31 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:111:28:111:31 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:111:28:111:31 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:112:28:112:31 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:112:28:112:31 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:113:18:113:21 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:113:18:113:21 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:114:22:114:25 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:114:22:114:25 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:115:21:115:24 | cond | mongoose.js:101:32:101:45 | req.query.cond | mongoose.js:115:21:115:24 | cond | This query object depends on a $@. | mongoose.js:101:32:101:45 | req.query.cond | user-provided value |
|
||||
| mongoose.js:116:16:116:26 | { _id: id } | mongoose.js:101:11:101:22 | req.query.id | mongoose.js:116:16:116:26 | { _id: id } | This query object depends on a $@. | mongoose.js:101:11:101:22 | req.query.id | user-provided value |
|
||||
| mongoose.js:122:30:122:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:122:30:122:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value |
|
||||
| mongooseJsonParse.js:22:19:22:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:22:19:22:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value |
|
||||
| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query object depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value |
|
||||
| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query object depends on a $@. | mongooseModelClient.js:12:22:12:29 | req.body | user-provided value |
|
||||
| mysql.js:15:18:15:65 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:15:18:15:65 | 'SELECT ... + temp | This query string depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value |
|
||||
@@ -751,7 +751,7 @@ subpaths
|
||||
| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query object depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value |
|
||||
| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query object depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value |
|
||||
| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query string depends on a $@. | socketio.js:10:25:10:30 | handle | user-provided value |
|
||||
| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query string depends on a $@. | tst2.js:9:66:9:78 | req.params.id | user-provided value |
|
||||
| tst2.js:8:27:8:84 | "select ... d + "'" | tst2.js:8:66:8:78 | req.params.id | tst2.js:8:27:8:84 | "select ... d + "'" | This query string depends on a $@. | tst2.js:8:66:8:78 | req.params.id | user-provided value |
|
||||
| tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query string depends on a $@. | tst3.js:8:16:8:34 | req.params.category | user-provided value |
|
||||
| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query string depends on a $@. | tst4.js:8:46:8:60 | $routeParams.id | user-provided value |
|
||||
| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query string depends on a $@. | tst.js:10:46:10:58 | req.params.id | user-provided value |
|
||||
|
||||
@@ -2,14 +2,14 @@ edges
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | |
|
||||
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | |
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | |
|
||||
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | |
|
||||
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | |
|
||||
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | |
|
||||
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | |
|
||||
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | |
|
||||
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | |
|
||||
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | |
|
||||
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | |
|
||||
| express.js:6:44:6:62 | req.param("wobble") | express.js:6:24:6:69 | "return ... + "];" | provenance | |
|
||||
| express.js:7:54:7:72 | req.param("wobble") | express.js:7:34:7:79 | "return ... + "];" | provenance | |
|
||||
| express.js:9:28:9:46 | req.param("wobble") | express.js:9:8:9:53 | "return ... + "];" | provenance | |
|
||||
| express.js:19:9:19:35 | taint | express.js:20:34:20:38 | taint | provenance | |
|
||||
| express.js:19:17:19:35 | req.param("wobble") | express.js:19:9:19:35 | taint | provenance | |
|
||||
| express.js:27:9:27:35 | taint | express.js:36:15:36:19 | taint | provenance | |
|
||||
| express.js:27:17:27:35 | req.param("wobble") | express.js:27:9:27:35 | taint | provenance | |
|
||||
| express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
|
||||
@@ -28,17 +28,17 @@ edges
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | |
|
||||
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | |
|
||||
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | |
|
||||
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | |
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | |
|
||||
| tst.js:1:6:1:27 | documen ... on.href | tst.js:1:6:1:83 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:11:10:11:33 | documen ... .search | tst.js:11:10:11:74 | documen ... , "$1") | provenance | |
|
||||
| tst.js:17:11:17:32 | documen ... on.hash | tst.js:17:11:17:45 | documen ... ring(1) | provenance | |
|
||||
| tst.js:17:11:17:45 | documen ... ring(1) | tst.js:17:6:17:46 | atob(do ... ing(1)) | provenance | |
|
||||
| tst.js:19:26:19:40 | location.search | tst.js:19:26:19:53 | locatio ... ring(1) | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:24:18:24:23 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:26:14:26:19 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:28:28:28:33 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:30:33:30:38 | source | provenance | |
|
||||
| tst.js:22:18:22:41 | documen ... .search | tst.js:22:18:22:82 | documen ... , "$1") | provenance | |
|
||||
| tst.js:22:18:22:82 | documen ... , "$1") | tst.js:22:9:22:82 | source | provenance | |
|
||||
nodes
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body |
|
||||
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query |
|
||||
@@ -61,24 +61,24 @@ nodes
|
||||
| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search |
|
||||
| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search |
|
||||
| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search |
|
||||
| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") |
|
||||
| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") |
|
||||
| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") |
|
||||
| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
|
||||
| express.js:26:9:26:35 | taint | semmle.label | taint |
|
||||
| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:27:34:27:38 | taint | semmle.label | taint |
|
||||
| express.js:34:9:34:35 | taint | semmle.label | taint |
|
||||
| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:43:15:43:19 | taint | semmle.label | taint |
|
||||
| express.js:49:30:49:32 | msg | semmle.label | msg |
|
||||
| express.js:50:10:50:12 | msg | semmle.label | msg |
|
||||
| express.js:6:24:6:69 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:6:44:6:62 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:7:34:7:79 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:7:54:7:72 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:9:8:9:53 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:9:28:9:46 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:11:22:11:54 | req.par ... ction") | semmle.label | req.par ... ction") |
|
||||
| express.js:12:30:12:53 | req.par ... cript") | semmle.label | req.par ... cript") |
|
||||
| express.js:13:37:13:70 | req.par ... odule") | semmle.label | req.par ... odule") |
|
||||
| express.js:14:19:14:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
|
||||
| express.js:19:9:19:35 | taint | semmle.label | taint |
|
||||
| express.js:19:17:19:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:20:34:20:38 | taint | semmle.label | taint |
|
||||
| express.js:27:9:27:35 | taint | semmle.label | taint |
|
||||
| express.js:27:17:27:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:36:15:36:19 | taint | semmle.label | taint |
|
||||
| express.js:42:30:42:32 | msg | semmle.label | msg |
|
||||
| express.js:43:10:43:12 | msg | semmle.label | msg |
|
||||
| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code |
|
||||
| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code |
|
||||
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
|
||||
@@ -102,25 +102,25 @@ nodes
|
||||
| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
|
||||
| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst.js:26:26:26:40 | location.search | semmle.label | location.search |
|
||||
| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
|
||||
| tst.js:29:9:29:82 | source | semmle.label | source |
|
||||
| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:31:18:31:23 | source | semmle.label | source |
|
||||
| tst.js:33:14:33:19 | source | semmle.label | source |
|
||||
| tst.js:35:28:35:33 | source | semmle.label | source |
|
||||
| tst.js:37:33:37:38 | source | semmle.label | source |
|
||||
| tst.js:1:6:1:27 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:1:6:1:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:11:10:11:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:11:10:11:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:13:21:13:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:15:30:15:51 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:17:6:17:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
|
||||
| tst.js:17:11:17:32 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:17:11:17:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst.js:19:26:19:40 | location.search | semmle.label | location.search |
|
||||
| tst.js:19:26:19:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
|
||||
| tst.js:22:9:22:82 | source | semmle.label | source |
|
||||
| tst.js:22:18:22:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:22:18:22:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:24:18:24:23 | source | semmle.label | source |
|
||||
| tst.js:26:14:26:19 | source | semmle.label | source |
|
||||
| tst.js:28:28:28:33 | source | semmle.label | source |
|
||||
| tst.js:30:33:30:38 | source | semmle.label | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
@@ -147,16 +147,16 @@ subpaths
|
||||
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | This code execution depends on a $@. | angularjs.js:47:16:47:30 | location.search | user-provided value |
|
||||
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | This code execution depends on a $@. | angularjs.js:50:22:50:36 | location.search | user-provided value |
|
||||
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | This code execution depends on a $@. | angularjs.js:53:32:53:46 | location.search | user-provided value |
|
||||
| express.js:7:24:7:69 | "return ... + "];" | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | This code execution depends on a $@. | express.js:7:44:7:62 | req.param("wobble") | user-provided value |
|
||||
| express.js:9:34:9:79 | "return ... + "];" | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | This code execution depends on a $@. | express.js:9:54:9:72 | req.param("wobble") | user-provided value |
|
||||
| express.js:12:8:12:53 | "return ... + "];" | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | This code execution depends on a $@. | express.js:12:28:12:46 | req.param("wobble") | user-provided value |
|
||||
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | This code execution depends on a $@. | express.js:15:22:15:54 | req.par ... ction") | user-provided value |
|
||||
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | This code execution depends on a $@. | express.js:17:30:17:53 | req.par ... cript") | user-provided value |
|
||||
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | This code execution depends on a $@. | express.js:19:37:19:70 | req.par ... odule") | user-provided value |
|
||||
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:21:19:21:48 | req.par ... ntext") | user-provided value |
|
||||
| express.js:27:34:27:38 | taint | express.js:26:17:26:35 | req.param("wobble") | express.js:27:34:27:38 | taint | This code execution depends on a $@. | express.js:26:17:26:35 | req.param("wobble") | user-provided value |
|
||||
| express.js:43:15:43:19 | taint | express.js:34:17:34:35 | req.param("wobble") | express.js:43:15:43:19 | taint | This code execution depends on a $@. | express.js:34:17:34:35 | req.param("wobble") | user-provided value |
|
||||
| express.js:50:10:50:12 | msg | express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | This code execution depends on a $@. | express.js:49:30:49:32 | msg | user-provided value |
|
||||
| express.js:6:24:6:69 | "return ... + "];" | express.js:6:44:6:62 | req.param("wobble") | express.js:6:24:6:69 | "return ... + "];" | This code execution depends on a $@. | express.js:6:44:6:62 | req.param("wobble") | user-provided value |
|
||||
| express.js:7:34:7:79 | "return ... + "];" | express.js:7:54:7:72 | req.param("wobble") | express.js:7:34:7:79 | "return ... + "];" | This code execution depends on a $@. | express.js:7:54:7:72 | req.param("wobble") | user-provided value |
|
||||
| express.js:9:8:9:53 | "return ... + "];" | express.js:9:28:9:46 | req.param("wobble") | express.js:9:8:9:53 | "return ... + "];" | This code execution depends on a $@. | express.js:9:28:9:46 | req.param("wobble") | user-provided value |
|
||||
| express.js:11:22:11:54 | req.par ... ction") | express.js:11:22:11:54 | req.par ... ction") | express.js:11:22:11:54 | req.par ... ction") | This code execution depends on a $@. | express.js:11:22:11:54 | req.par ... ction") | user-provided value |
|
||||
| express.js:12:30:12:53 | req.par ... cript") | express.js:12:30:12:53 | req.par ... cript") | express.js:12:30:12:53 | req.par ... cript") | This code execution depends on a $@. | express.js:12:30:12:53 | req.par ... cript") | user-provided value |
|
||||
| express.js:13:37:13:70 | req.par ... odule") | express.js:13:37:13:70 | req.par ... odule") | express.js:13:37:13:70 | req.par ... odule") | This code execution depends on a $@. | express.js:13:37:13:70 | req.par ... odule") | user-provided value |
|
||||
| express.js:14:19:14:48 | req.par ... ntext") | express.js:14:19:14:48 | req.par ... ntext") | express.js:14:19:14:48 | req.par ... ntext") | This code execution depends on a $@. | express.js:14:19:14:48 | req.par ... ntext") | user-provided value |
|
||||
| express.js:20:34:20:38 | taint | express.js:19:17:19:35 | req.param("wobble") | express.js:20:34:20:38 | taint | This code execution depends on a $@. | express.js:19:17:19:35 | req.param("wobble") | user-provided value |
|
||||
| express.js:36:15:36:19 | taint | express.js:27:17:27:35 | req.param("wobble") | express.js:36:15:36:19 | taint | This code execution depends on a $@. | express.js:27:17:27:35 | req.param("wobble") | user-provided value |
|
||||
| express.js:43:10:43:12 | msg | express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | This code execution depends on a $@. | express.js:42:30:42:32 | msg | user-provided value |
|
||||
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | This code execution depends on a $@. | module.js:9:16:9:29 | req.query.code | user-provided value |
|
||||
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | This code execution depends on a $@. | module.js:11:17:11:30 | req.query.code | user-provided value |
|
||||
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | This code execution depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
|
||||
@@ -176,17 +176,17 @@ subpaths
|
||||
| template-sinks.js:31:19:31:25 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:31:19:31:25 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:32:16:32:22 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:32:16:32:22 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| template-sinks.js:33:17:33:23 | tainted | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:33:17:33:23 | tainted | Template, which may contain code, depends on a $@. | template-sinks.js:18:19:18:31 | req.query.foo | user-provided value |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:2:6:2:27 | documen ... on.href | user-provided value |
|
||||
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:5:12:5:33 | documen ... on.hash | user-provided value |
|
||||
| tst.js:14:10:14:74 | documen ... , "$1") | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:14:10:14:33 | documen ... .search | user-provided value |
|
||||
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | This code execution depends on a $@. | tst.js:17:21:17:42 | documen ... on.hash | user-provided value |
|
||||
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | This code execution depends on a $@. | tst.js:20:30:20:51 | documen ... on.hash | user-provided value |
|
||||
| tst.js:23:6:23:46 | atob(do ... ing(1)) | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:6:23:46 | atob(do ... ing(1)) | This code execution depends on a $@. | tst.js:23:11:23:32 | documen ... on.hash | user-provided value |
|
||||
| tst.js:26:26:26:53 | locatio ... ring(1) | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | This code execution depends on a $@. | tst.js:26:26:26:40 | location.search | user-provided value |
|
||||
| tst.js:31:18:31:23 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:31:18:31:23 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:33:14:33:19 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:33:14:33:19 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:35:28:35:33 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:35:28:35:33 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:37:33:37:38 | source | tst.js:29:18:29:41 | documen ... .search | tst.js:37:33:37:38 | source | This code execution depends on a $@. | tst.js:29:18:29:41 | documen ... .search | user-provided value |
|
||||
| tst.js:1:6:1:83 | documen ... t=")+8) | tst.js:1:6:1:27 | documen ... on.href | tst.js:1:6:1:83 | documen ... t=")+8) | This code execution depends on a $@. | tst.js:1:6:1:27 | documen ... on.href | user-provided value |
|
||||
| tst.js:3:12:3:33 | documen ... on.hash | tst.js:3:12:3:33 | documen ... on.hash | tst.js:3:12:3:33 | documen ... on.hash | This code execution depends on a $@. | tst.js:3:12:3:33 | documen ... on.hash | user-provided value |
|
||||
| tst.js:11:10:11:74 | documen ... , "$1") | tst.js:11:10:11:33 | documen ... .search | tst.js:11:10:11:74 | documen ... , "$1") | This code execution depends on a $@. | tst.js:11:10:11:33 | documen ... .search | user-provided value |
|
||||
| tst.js:13:21:13:42 | documen ... on.hash | tst.js:13:21:13:42 | documen ... on.hash | tst.js:13:21:13:42 | documen ... on.hash | This code execution depends on a $@. | tst.js:13:21:13:42 | documen ... on.hash | user-provided value |
|
||||
| tst.js:15:30:15:51 | documen ... on.hash | tst.js:15:30:15:51 | documen ... on.hash | tst.js:15:30:15:51 | documen ... on.hash | This code execution depends on a $@. | tst.js:15:30:15:51 | documen ... on.hash | user-provided value |
|
||||
| tst.js:17:6:17:46 | atob(do ... ing(1)) | tst.js:17:11:17:32 | documen ... on.hash | tst.js:17:6:17:46 | atob(do ... ing(1)) | This code execution depends on a $@. | tst.js:17:11:17:32 | documen ... on.hash | user-provided value |
|
||||
| tst.js:19:26:19:53 | locatio ... ring(1) | tst.js:19:26:19:40 | location.search | tst.js:19:26:19:53 | locatio ... ring(1) | This code execution depends on a $@. | tst.js:19:26:19:40 | location.search | user-provided value |
|
||||
| tst.js:24:18:24:23 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:24:18:24:23 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
|
||||
| tst.js:26:14:26:19 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:26:14:26:19 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
|
||||
| tst.js:28:28:28:33 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:28:28:28:33 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
|
||||
| tst.js:30:33:30:38 | source | tst.js:22:18:22:41 | documen ... .search | tst.js:30:33:30:38 | source | This code execution depends on a $@. | tst.js:22:18:22:41 | documen ... .search | user-provided value |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | This code execution depends on a $@. | webix/webix.html:3:16:3:37 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:4:26:4:47 | documen ... on.hash | user-provided value |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | Template, which may contain code, depends on a $@. | webix/webix.html:5:47:5:68 | documen ... on.hash | user-provided value |
|
||||
|
||||
@@ -3,14 +3,14 @@ edges
|
||||
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | |
|
||||
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | |
|
||||
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | provenance | |
|
||||
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | |
|
||||
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | |
|
||||
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | |
|
||||
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | |
|
||||
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | |
|
||||
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | |
|
||||
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | |
|
||||
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | |
|
||||
| express.js:6:44:6:62 | req.param("wobble") | express.js:6:24:6:69 | "return ... + "];" | provenance | |
|
||||
| express.js:7:54:7:72 | req.param("wobble") | express.js:7:34:7:79 | "return ... + "];" | provenance | |
|
||||
| express.js:9:28:9:46 | req.param("wobble") | express.js:9:8:9:53 | "return ... + "];" | provenance | |
|
||||
| express.js:19:9:19:35 | taint | express.js:20:34:20:38 | taint | provenance | |
|
||||
| express.js:19:17:19:35 | req.param("wobble") | express.js:19:9:19:35 | taint | provenance | |
|
||||
| express.js:27:9:27:35 | taint | express.js:36:15:36:19 | taint | provenance | |
|
||||
| express.js:27:17:27:35 | req.param("wobble") | express.js:27:9:27:35 | taint | provenance | |
|
||||
| express.js:42:30:42:32 | msg | express.js:43:10:43:12 | msg | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
|
||||
@@ -29,17 +29,17 @@ edges
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | |
|
||||
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | |
|
||||
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | |
|
||||
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | |
|
||||
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | |
|
||||
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | |
|
||||
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | |
|
||||
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | |
|
||||
| tst.js:1:6:1:27 | documen ... on.href | tst.js:1:6:1:83 | documen ... t=")+8) | provenance | |
|
||||
| tst.js:11:10:11:33 | documen ... .search | tst.js:11:10:11:74 | documen ... , "$1") | provenance | |
|
||||
| tst.js:17:11:17:32 | documen ... on.hash | tst.js:17:11:17:45 | documen ... ring(1) | provenance | |
|
||||
| tst.js:17:11:17:45 | documen ... ring(1) | tst.js:17:6:17:46 | atob(do ... ing(1)) | provenance | |
|
||||
| tst.js:19:26:19:40 | location.search | tst.js:19:26:19:53 | locatio ... ring(1) | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:24:18:24:23 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:26:14:26:19 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:28:28:28:33 | source | provenance | |
|
||||
| tst.js:22:9:22:82 | source | tst.js:30:33:30:38 | source | provenance | |
|
||||
| tst.js:22:18:22:41 | documen ... .search | tst.js:22:18:22:82 | documen ... , "$1") | provenance | |
|
||||
| tst.js:22:18:22:82 | documen ... , "$1") | tst.js:22:9:22:82 | source | provenance | |
|
||||
nodes
|
||||
| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body |
|
||||
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query |
|
||||
@@ -64,24 +64,24 @@ nodes
|
||||
| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search |
|
||||
| eslint-escope-build.js:20:22:20:22 | c | semmle.label | c |
|
||||
| eslint-escope-build.js:21:16:21:16 | c | semmle.label | c |
|
||||
| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") |
|
||||
| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") |
|
||||
| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") |
|
||||
| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
|
||||
| express.js:26:9:26:35 | taint | semmle.label | taint |
|
||||
| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:27:34:27:38 | taint | semmle.label | taint |
|
||||
| express.js:34:9:34:35 | taint | semmle.label | taint |
|
||||
| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:43:15:43:19 | taint | semmle.label | taint |
|
||||
| express.js:49:30:49:32 | msg | semmle.label | msg |
|
||||
| express.js:50:10:50:12 | msg | semmle.label | msg |
|
||||
| express.js:6:24:6:69 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:6:44:6:62 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:7:34:7:79 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:7:54:7:72 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:9:8:9:53 | "return ... + "];" | semmle.label | "return ... + "];" |
|
||||
| express.js:9:28:9:46 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:11:22:11:54 | req.par ... ction") | semmle.label | req.par ... ction") |
|
||||
| express.js:12:30:12:53 | req.par ... cript") | semmle.label | req.par ... cript") |
|
||||
| express.js:13:37:13:70 | req.par ... odule") | semmle.label | req.par ... odule") |
|
||||
| express.js:14:19:14:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
|
||||
| express.js:19:9:19:35 | taint | semmle.label | taint |
|
||||
| express.js:19:17:19:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:20:34:20:38 | taint | semmle.label | taint |
|
||||
| express.js:27:9:27:35 | taint | semmle.label | taint |
|
||||
| express.js:27:17:27:35 | req.param("wobble") | semmle.label | req.param("wobble") |
|
||||
| express.js:36:15:36:19 | taint | semmle.label | taint |
|
||||
| express.js:42:30:42:32 | msg | semmle.label | msg |
|
||||
| express.js:43:10:43:12 | msg | semmle.label | msg |
|
||||
| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code |
|
||||
| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code |
|
||||
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
|
||||
@@ -105,25 +105,25 @@ nodes
|
||||
| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted |
|
||||
| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted |
|
||||
| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted |
|
||||
| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
|
||||
| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst.js:26:26:26:40 | location.search | semmle.label | location.search |
|
||||
| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
|
||||
| tst.js:29:9:29:82 | source | semmle.label | source |
|
||||
| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:31:18:31:23 | source | semmle.label | source |
|
||||
| tst.js:33:14:33:19 | source | semmle.label | source |
|
||||
| tst.js:35:28:35:33 | source | semmle.label | source |
|
||||
| tst.js:37:33:37:38 | source | semmle.label | source |
|
||||
| tst.js:1:6:1:27 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:1:6:1:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
|
||||
| tst.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:11:10:11:33 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:11:10:11:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:13:21:13:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:15:30:15:51 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:17:6:17:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
|
||||
| tst.js:17:11:17:32 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst.js:17:11:17:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst.js:19:26:19:40 | location.search | semmle.label | location.search |
|
||||
| tst.js:19:26:19:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
|
||||
| tst.js:22:9:22:82 | source | semmle.label | source |
|
||||
| tst.js:22:18:22:41 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst.js:22:18:22:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
|
||||
| tst.js:24:18:24:23 | source | semmle.label | source |
|
||||
| tst.js:26:14:26:19 | source | semmle.label | source |
|
||||
| tst.js:28:28:28:33 | source | semmle.label | source |
|
||||
| tst.js:30:33:30:38 | source | semmle.label | source |
|
||||
| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
| tst-httpOnly.js:11:9:15:2 | session ... BAD\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:11:9:15:2 | session ... lert\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:29:9:29:21 | session(sess) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:38:9:38:22 | session(sess2) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:47:9:47:22 | session(sess3) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:51:9:55:2 | session ... BAD\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:51:9:55:2 | session ... lert\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:68:5:73:10 | res.coo ... }) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:78:5:81:10 | res.coo ... }) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:101:5:101:43 | res.coo ... ptions) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
@@ -12,9 +12,9 @@
|
||||
| tst-httpOnly.js:148:5:148:41 | res.coo ... ptions) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:159:5:159:43 | res.coo ... ptions) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:170:5:170:40 | res.coo ... ptions) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:209:37:209:51 | "authKey=ninja" | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:229:38:229:52 | "authKey=ninja" | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:289:37:289:59 | `authKe ... {attr}` | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:303:9:307:2 | session ... BAD\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:320:9:324:2 | session ... tter\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:330:37:330:68 | "sessio ... onKey() | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:208:37:208:51 | "authKey=ninja" | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:227:38:227:52 | "authKey=ninja" | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:287:37:287:59 | `authKe ... {attr}` | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:301:9:305:2 | session ... lert\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:318:9:322:2 | session ... tter\\n}) | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
| tst-httpOnly.js:328:37:328:68 | "sessio ... onKey() | Sensitive server cookie is missing 'httpOnly' flag. |
|
||||
|
||||
@@ -18,25 +18,25 @@
|
||||
| tst-multi-character-sanitization.js:83:7:83:63 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:83:18:83:21 | <!-- | <!-- |
|
||||
| tst-multi-character-sanitization.js:85:7:85:48 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:85:18:85:21 | \\x2E | ../ |
|
||||
| tst-multi-character-sanitization.js:87:7:87:47 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:87:18:87:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:92:7:96:4 | x.repla ... ";\\n }) | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:92:18:92:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:101:7:101:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:101:18:101:19 | \\. | ../ |
|
||||
| tst-multi-character-sanitization.js:102:7:102:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:102:18:102:19 | \\/ | /.. |
|
||||
| tst-multi-character-sanitization.js:104:7:104:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:104:18:104:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:106:7:106:64 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:106:18:106:18 | < | <script |
|
||||
| tst-multi-character-sanitization.js:107:7:107:62 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:107:18:107:19 | \\< | <script |
|
||||
| tst-multi-character-sanitization.js:108:7:108:75 | x.repla ... gm, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:108:18:108:18 | < | <script |
|
||||
| tst-multi-character-sanitization.js:109:7:109:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:109:18:109:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:110:7:110:50 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:110:18:110:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:111:7:111:32 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:111:20:111:23 | <!-- | <!-- |
|
||||
| tst-multi-character-sanitization.js:126:7:129:34 | x\\n . ... //, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:129:21:129:22 | \\/ | /.. |
|
||||
| tst-multi-character-sanitization.js:135:2:135:44 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:135:19:135:25 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:136:2:136:46 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:136:19:136:19 | < | <script |
|
||||
| tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:137:19:137:20 | .+ | <script |
|
||||
| tst-multi-character-sanitization.js:138:2:138:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:138:21:138:21 | < | <script |
|
||||
| tst-multi-character-sanitization.js:142:13:142:62 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:142:30:142:36 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:143:13:143:56 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:143:30:143:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:144:13:144:91 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:144:30:144:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:145:13:145:90 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:145:30:145:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:148:3:148:99 | n.clone ... gi, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:148:41:148:41 | < | <script |
|
||||
| tst-multi-character-sanitization.js:152:3:152:99 | n.clone ... gi, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:152:41:152:41 | < | <script |
|
||||
| tst-multi-character-sanitization.js:91:7:95:4 | x.repla ... ";\\n }) | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:91:18:91:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:100:7:100:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:100:18:100:19 | \\. | ../ |
|
||||
| tst-multi-character-sanitization.js:101:7:101:30 | x.repla ... /g, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:101:18:101:19 | \\/ | /.. |
|
||||
| tst-multi-character-sanitization.js:103:7:103:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:103:18:103:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:105:7:105:64 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:105:18:105:18 | < | <script |
|
||||
| tst-multi-character-sanitization.js:106:7:106:62 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:106:18:106:19 | \\< | <script |
|
||||
| tst-multi-character-sanitization.js:107:7:107:75 | x.repla ... gm, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:107:18:107:18 | < | <script |
|
||||
| tst-multi-character-sanitization.js:108:7:108:58 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:108:18:108:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:109:7:109:50 | x.repla ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:109:18:109:24 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:110:7:110:32 | x.repla ... /g, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:110:20:110:23 | <!-- | <!-- |
|
||||
| tst-multi-character-sanitization.js:125:7:128:34 | x\\n . ... //, "") | This string may still contain $@, which may cause a path injection vulnerability. | tst-multi-character-sanitization.js:128:21:128:22 | \\/ | /.. |
|
||||
| tst-multi-character-sanitization.js:134:2:134:44 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:134:19:134:25 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:135:2:135:46 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:135:19:135:19 | < | <script |
|
||||
| tst-multi-character-sanitization.js:136:2:136:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:136:19:136:20 | .+ | <script |
|
||||
| tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:137:21:137:21 | < | <script |
|
||||
| tst-multi-character-sanitization.js:141:13:141:62 | content ... gi, "") | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:141:30:141:36 | <script | <script |
|
||||
| tst-multi-character-sanitization.js:142:13:142:56 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:142:30:142:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:143:13:143:91 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:143:30:143:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:144:13:144:90 | content ... /g, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:144:30:144:30 | < | <script |
|
||||
| tst-multi-character-sanitization.js:147:3:147:99 | n.clone ... gi, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:147:41:147:41 | < | <script |
|
||||
| tst-multi-character-sanitization.js:151:3:151:99 | n.clone ... gi, '') | This string may still contain $@, which may cause an HTML element injection vulnerability. | tst-multi-character-sanitization.js:151:41:151:41 | < | <script |
|
||||
| tst.js:341:9:341:44 | p.repla ... "), "") | This string may still contain $@, which may cause a path injection vulnerability. | tst.js:341:31:341:33 | \\. | ../ |
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
| tst-sameSite.js:4:3:8:4 | Cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:20:3:25:4 | cookies ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:4:3:8:4 | Cookies ... rt\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:20:3:25:4 | cookies ... rt\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:38:19:43:4 | cookie. ... ",\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:58:3:63:4 | res.coo ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:76:3:82:4 | session ... OK\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:58:3:63:4 | res.coo ... rt\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:76:3:82:4 | session ... rt\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:98:3:106:4 | express ... },\\n }) | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:126:33:126:70 | "authKe ... Secure" | Sensitive cookie with SameSite set to 'None'. |
|
||||
| tst-sameSite.js:134:3:134:17 | document.cookie | Sensitive cookie with SameSite set to 'None'. |
|
||||
|
||||
@@ -8,15 +8,15 @@ edges
|
||||
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | provenance | |
|
||||
| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | |
|
||||
| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | provenance | |
|
||||
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | provenance | |
|
||||
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:32:21:32:28 | postData | provenance | |
|
||||
| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | provenance | |
|
||||
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | provenance | |
|
||||
| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | provenance | |
|
||||
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | provenance | |
|
||||
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | provenance | |
|
||||
| readFileSync.js:7:7:7:25 | s | readFileSync.js:25:18:25:18 | s | provenance | |
|
||||
| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | provenance | |
|
||||
| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | provenance | |
|
||||
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | |
|
||||
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:29:19:29:23 | chunk | provenance | |
|
||||
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | |
|
||||
| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | |
|
||||
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | provenance | |
|
||||
@@ -54,16 +54,16 @@ nodes
|
||||
| bufferRead.js:15:15:15:62 | postData | semmle.label | postData |
|
||||
| bufferRead.js:15:26:15:31 | buffer | semmle.label | buffer |
|
||||
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | semmle.label | buffer. ... esRead) |
|
||||
| bufferRead.js:33:21:33:28 | postData | semmle.label | postData |
|
||||
| bufferRead.js:32:21:32:28 | postData | semmle.label | postData |
|
||||
| readFileSync.js:5:5:5:39 | data | semmle.label | data |
|
||||
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | semmle.label | fs.read ... t.txt") |
|
||||
| readFileSync.js:7:7:7:25 | s | semmle.label | s |
|
||||
| readFileSync.js:7:11:7:14 | data | semmle.label | data |
|
||||
| readFileSync.js:7:11:7:25 | data.toString() | semmle.label | data.toString() |
|
||||
| readFileSync.js:26:18:26:18 | s | semmle.label | s |
|
||||
| readFileSync.js:25:18:25:18 | s | semmle.label | s |
|
||||
| readStreamRead.js:13:13:13:35 | chunk | semmle.label | chunk |
|
||||
| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() |
|
||||
| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk |
|
||||
| readStreamRead.js:29:19:29:23 | chunk | semmle.label | chunk |
|
||||
| request.js:6:19:6:26 | jsonData | semmle.label | jsonData |
|
||||
| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} |
|
||||
| request.js:8:12:8:19 | jsonData | semmle.label | jsonData |
|
||||
@@ -93,9 +93,9 @@ nodes
|
||||
subpaths
|
||||
#select
|
||||
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data |
|
||||
| bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data |
|
||||
| readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data |
|
||||
| readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data |
|
||||
| bufferRead.js:32:21:32:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:32:21:32:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data |
|
||||
| readFileSync.js:25:18:25:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:25:18:25:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data |
|
||||
| readStreamRead.js:29:19:29:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:29:19:29:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data |
|
||||
| request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data |
|
||||
| request.js:16:11:23:3 | {\\n u ... ody\\n } | request.js:43:51:43:54 | data | request.js:16:11:23:3 | {\\n u ... ody\\n } | Outbound network request depends on $@. | request.js:43:51:43:54 | data | file data |
|
||||
| sentAsHeaders.js:14:20:19:9 | {\\n ... } | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:14:20:19:9 | {\\n ... } | Outbound network request depends on $@. | sentAsHeaders.js:10:79:10:84 | buffer | file data |
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
edges
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | |
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // $ ... .env)\\n} | provenance | |
|
||||
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | |
|
||||
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | |
|
||||
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | |
|
||||
@@ -24,7 +24,7 @@ edges
|
||||
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
|
||||
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | |
|
||||
nodes
|
||||
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} |
|
||||
| build-leaks.js:4:39:6:1 | { // $ ... .env)\\n} | semmle.label | { // $ ... .env)\\n} |
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) |
|
||||
| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env |
|
||||
| build-leaks.js:13:11:19:10 | raw | semmle.label | raw |
|
||||
@@ -54,6 +54,6 @@ subpaths
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
|
||||
#select
|
||||
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
|
||||
| build-leaks.js:4:39:6:1 | { // $ ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // $ ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
|
||||
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |
|
||||
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | This creates a build artifact that depends on $@. | build-leaks.js:40:14:40:60 | url.par ... assword | sensitive data returned byan access to current_password |
|
||||
|
||||
@@ -2,7 +2,7 @@ edges
|
||||
| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | provenance | |
|
||||
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | provenance | |
|
||||
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | provenance | |
|
||||
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | provenance | |
|
||||
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:6:26:6:27 | pw | provenance | |
|
||||
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | provenance | |
|
||||
nodes
|
||||
| CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw |
|
||||
@@ -11,7 +11,7 @@ nodes
|
||||
| CleartextStorage2.js:7:33:7:34 | pw | semmle.label | pw |
|
||||
| CleartextStorage.js:5:7:5:40 | pw | semmle.label | pw |
|
||||
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | semmle.label | req.par ... sword") |
|
||||
| CleartextStorage.js:7:26:7:27 | pw | semmle.label | pw |
|
||||
| CleartextStorage.js:6:26:6:27 | pw | semmle.label | pw |
|
||||
| tst-angularjs.js:3:32:3:45 | data1.password | semmle.label | data1.password |
|
||||
| tst-angularjs.js:4:33:4:46 | data2.password | semmle.label | data2.password |
|
||||
| tst-angularjs.js:5:27:5:40 | data3.password | semmle.label | data3.password |
|
||||
@@ -23,7 +23,7 @@ nodes
|
||||
subpaths
|
||||
#select
|
||||
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password |
|
||||
| CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |
|
||||
| CleartextStorage.js:6:26:6:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:6:26:6:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |
|
||||
| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | This stores sensitive data returned by $@ as clear text. | tst-angularjs.js:3:32:3:45 | data1.password | an access to password |
|
||||
| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | This stores sensitive data returned by $@ as clear text. | tst-angularjs.js:4:33:4:46 | data2.password | an access to password |
|
||||
| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | This stores sensitive data returned by $@ as clear text. | tst-angularjs.js:5:27:5:40 | data3.password | an access to password |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
| tst.js:8:3:8:54 | fs.writ ... o600 }) | The file may have changed since it $@. | tst.js:7:6:7:28 | fs.exis ... lePath) | was checked |
|
||||
| tst.js:14:3:14:40 | fs.writ ... ntent") | The file may have changed since it $@. | tst.js:12:15:12:36 | fs.stat ... ePath2) | was checked |
|
||||
| tst.js:18:3:18:40 | fs.writ ... ntent") | The file may have changed since it $@. | tst.js:17:1:19:2 | fs.acce ... T OK\\n}) | was checked |
|
||||
| tst.js:18:3:18:40 | fs.writ ... ntent") | The file may have changed since it $@. | tst.js:17:1:19:2 | fs.acce ... lert\\n}) | was checked |
|
||||
| tst.js:33:3:37:4 | fs.open ... ..\\n }) | The file may have changed since it $@. | tst.js:27:1:38:2 | fs.acce ... });\\n}) | was checked |
|
||||
|
||||
@@ -517,25 +517,25 @@
|
||||
| tst.js:351:15:351:16 | a+ | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a+)* |
|
||||
| tst.js:352:15:352:16 | a* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a*)+b |
|
||||
| tst.js:353:15:353:16 | a+ | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a+)+ |
|
||||
| tst.js:372:16:372:21 | [^"]*? | Strings starting with '"' and with many repetitions of '""' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+(?=\\s*\|\\s*$)X |
|
||||
| tst.js:371:16:371:21 | [^"]*? | Strings starting with '"' and with many repetitions of '""' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+(?=\\s*\|\\s*$)X |
|
||||
| tst.js:371:24:371:30 | [^"\\s]+ | Strings with many repetitions of '!' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+ |
|
||||
| tst.js:372:16:372:21 | [^"]*? | Strings starting with '"' and with many repetitions of '""' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+(?=X) |
|
||||
| tst.js:372:24:372:30 | [^"\\s]+ | Strings with many repetitions of '!' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+ |
|
||||
| tst.js:373:16:373:21 | [^"]*? | Strings starting with '"' and with many repetitions of '""' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+(?=X) |
|
||||
| tst.js:373:24:373:30 | [^"\\s]+ | Strings with many repetitions of '!' can start matching anywhere after the start of the preceeding ("[^"]*?"\|[^"\\s]+)+ |
|
||||
| tst.js:374:15:374:16 | x* | Strings with many repetitions of 'x' can start matching anywhere after the start of the preceeding (x*)+(?=$) |
|
||||
| tst.js:375:15:375:16 | x* | Strings with many repetitions of 'x' can start matching anywhere after the start of the preceeding (x*)+(?=$\|y) |
|
||||
| tst.js:378:16:378:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$) |
|
||||
| tst.js:379:16:379:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$\|y) |
|
||||
| tst.js:381:15:381:24 | (foo\|FOO)* | Strings with many repetitions of 'FOO' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar |
|
||||
| tst.js:382:14:382:23 | (foo\|FOO)* | Strings with many repetitions of 'foo' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar |
|
||||
| tst.js:384:15:384:26 | ([AB]\|[ab])* | Strings with many repetitions of 'A' can start matching anywhere after the start of the preceeding ([AB]\|[ab])*C |
|
||||
| tst.js:385:14:385:25 | ([DE]\|[de])* | Strings with many repetitions of 'd' can start matching anywhere after the start of the preceeding ([DE]\|[de])*F |
|
||||
| tst.js:388:14:388:20 | (a\|aa)* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a\|aa)*$ |
|
||||
| tst.js:391:6:394:5 | (a\|aa)* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a\|aa)*b$ |
|
||||
| tst.js:398:6:398:12 | (c\|cc)* | Strings with many repetitions of 'c' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:399:6:399:12 | (d\|dd)* | Strings with many repetitions of 'd' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:400:6:401:1 | (e\|ee)* | Strings with many repetitions of 'e' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:404:6:405:7 | (g\|gg)* | Strings with many repetitions of 'g' can start matching anywhere after the start of the preceeding (g\|gg)*h$ |
|
||||
| tst.js:407:128:407:129 | * | Strings starting with '0/*' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s* |
|
||||
| tst.js:409:23:409:29 | [\\w.-]* | Strings starting with '//' and with many repetitions of '//' can start matching anywhere after the start of the preceeding (\\/(?:\\/[\\w.-]*)*){0,1}:([\\w.-]+) |
|
||||
| tst.js:411:15:411:19 | a{1,} | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a{1,})* |
|
||||
| tst.js:417:20:417:25 | (aa?)* | Strings with many repetitions of 'aa' can start matching anywhere after the start of the preceeding (aa?)*b |
|
||||
| tst.js:373:15:373:16 | x* | Strings with many repetitions of 'x' can start matching anywhere after the start of the preceeding (x*)+(?=$) |
|
||||
| tst.js:374:15:374:16 | x* | Strings with many repetitions of 'x' can start matching anywhere after the start of the preceeding (x*)+(?=$\|y) |
|
||||
| tst.js:377:16:377:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$) |
|
||||
| tst.js:378:16:378:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$\|y) |
|
||||
| tst.js:380:15:380:24 | (foo\|FOO)* | Strings with many repetitions of 'FOO' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar |
|
||||
| tst.js:381:14:381:23 | (foo\|FOO)* | Strings with many repetitions of 'foo' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar |
|
||||
| tst.js:383:15:383:26 | ([AB]\|[ab])* | Strings with many repetitions of 'A' can start matching anywhere after the start of the preceeding ([AB]\|[ab])*C |
|
||||
| tst.js:384:14:384:25 | ([DE]\|[de])* | Strings with many repetitions of 'd' can start matching anywhere after the start of the preceeding ([DE]\|[de])*F |
|
||||
| tst.js:387:14:387:20 | (a\|aa)* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a\|aa)*$ |
|
||||
| tst.js:390:6:393:5 | (a\|aa)* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a\|aa)*b$ |
|
||||
| tst.js:397:6:397:12 | (c\|cc)* | Strings with many repetitions of 'c' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:398:6:398:12 | (d\|dd)* | Strings with many repetitions of 'd' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:399:6:400:1 | (e\|ee)* | Strings with many repetitions of 'e' can start matching anywhere after the start of the preceeding ((c\|cc)*\|(d\|dd)*\|(e\|ee)*)f$ |
|
||||
| tst.js:403:6:404:7 | (g\|gg)* | Strings with many repetitions of 'g' can start matching anywhere after the start of the preceeding (g\|gg)*h$ |
|
||||
| tst.js:406:128:406:129 | * | Strings starting with '0/*' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s* |
|
||||
| tst.js:408:23:408:29 | [\\w.-]* | Strings starting with '//' and with many repetitions of '//' can start matching anywhere after the start of the preceeding (\\/(?:\\/[\\w.-]*)*){0,1}:([\\w.-]+) |
|
||||
| tst.js:410:15:410:19 | a{1,} | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding (a{1,})* |
|
||||
| tst.js:416:20:416:25 | (aa?)* | Strings with many repetitions of 'aa' can start matching anywhere after the start of the preceeding (aa?)*b |
|
||||
|
||||
@@ -329,10 +329,10 @@ edges
|
||||
| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | |
|
||||
| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | |
|
||||
| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | provenance | |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... os]\\n\\t}) [tainted] | provenance | |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | provenance | |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | |
|
||||
| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | provenance | |
|
||||
| polynomial-redos.js:120:2:125:3 | (functi ... os]\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | provenance | |
|
||||
| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | provenance | |
|
||||
| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | provenance | |
|
||||
| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | provenance | |
|
||||
@@ -555,7 +555,7 @@ nodes
|
||||
| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted |
|
||||
| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted |
|
||||
| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | semmle.label | (functi ... OK\\n\\t}) [tainted] |
|
||||
| polynomial-redos.js:120:2:125:3 | (functi ... os]\\n\\t}) [tainted] | semmle.label | (functi ... os]\\n\\t}) [tainted] |
|
||||
| polynomial-redos.js:121:7:121:55 | replaced | semmle.label | replaced |
|
||||
| polynomial-redos.js:121:18:121:24 | tainted | semmle.label | tainted |
|
||||
| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | semmle.label | tainted ... /g, '') |
|
||||
|
||||
@@ -182,23 +182,23 @@
|
||||
| tst.js:361:15:361:33 | ((?:a{0\|-)\|\\w\\{\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0'. |
|
||||
| tst.js:362:15:362:35 | ((?:a{0,\|-)\|\\w\\{\\d,)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,'. |
|
||||
| tst.js:363:15:363:38 | ((?:a{0,2\|-)\|\\w\\{\\d,\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,2'. |
|
||||
| tst.js:371:24:371:30 | [^"\\s]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '!'. |
|
||||
| tst.js:372:24:372:30 | [^"\\s]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '!'. |
|
||||
| tst.js:373:24:373:30 | [^"\\s]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '!'. |
|
||||
| tst.js:373:15:373:16 | x* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'x'. |
|
||||
| tst.js:374:15:374:16 | x* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'x'. |
|
||||
| tst.js:375:15:375:16 | x* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'x'. |
|
||||
| tst.js:377:16:377:22 | [\\s\\S]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
|
||||
| tst.js:378:16:378:22 | [\\s\\S]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
|
||||
| tst.js:379:16:379:22 | [\\s\\S]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
|
||||
| tst.js:382:14:382:23 | (foo\|FOO)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'foo'. |
|
||||
| tst.js:385:14:385:25 | ([DE]\|[de])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'd'. |
|
||||
| tst.js:387:27:387:33 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:388:14:388:20 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:391:6:394:5 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:398:6:398:12 | (c\|cc)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'cc'. |
|
||||
| tst.js:399:6:399:12 | (d\|dd)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'dd'. |
|
||||
| tst.js:400:6:401:1 | (e\|ee)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ee'. |
|
||||
| tst.js:404:6:405:7 | (g\|gg)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'gg'. |
|
||||
| tst.js:407:125:407:127 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0/*' and containing many repetitions of ' ;0'. |
|
||||
| tst.js:411:15:411:19 | a{1,} | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
|
||||
| tst.js:413:25:413:35 | (\\u0000\|.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\n\\u0000' and containing many repetitions of '\\u0000'. |
|
||||
| tst.js:415:44:415:57 | (\ud83d\ude80\|.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\n\\u{1f680}' and containing many repetitions of '\\u{1f680}'. |
|
||||
| tst.js:417:22:417:23 | a? | This part of the regular expression may cause exponential backtracking on strings starting with 'a' and containing many repetitions of 'aa'. |
|
||||
| tst.js:381:14:381:23 | (foo\|FOO)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'foo'. |
|
||||
| tst.js:384:14:384:25 | ([DE]\|[de])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'd'. |
|
||||
| tst.js:386:27:386:33 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:387:14:387:20 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:390:6:393:5 | (a\|aa)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'. |
|
||||
| tst.js:397:6:397:12 | (c\|cc)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'cc'. |
|
||||
| tst.js:398:6:398:12 | (d\|dd)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'dd'. |
|
||||
| tst.js:399:6:400:1 | (e\|ee)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'ee'. |
|
||||
| tst.js:403:6:404:7 | (g\|gg)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'gg'. |
|
||||
| tst.js:406:125:406:127 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '0/*' and containing many repetitions of ' ;0'. |
|
||||
| tst.js:410:15:410:19 | a{1,} | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
|
||||
| tst.js:412:25:412:35 | (\\u0000\|.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\n\\u0000' and containing many repetitions of '\\u0000'. |
|
||||
| tst.js:414:44:414:57 | (\ud83d\ude80\|.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\n\\u{1f680}' and containing many repetitions of '\\u{1f680}'. |
|
||||
| tst.js:416:22:416:23 | a? | This part of the regular expression may cause exponential backtracking on strings starting with 'a' and containing many repetitions of 'aa'. |
|
||||
|
||||
@@ -48,32 +48,32 @@ nodes
|
||||
| sanitizer.js:37:27:37:29 | url | semmle.label | url |
|
||||
| tst2.js:2:7:2:33 | href | semmle.label | href |
|
||||
| tst2.js:2:14:2:33 | window.location.href | semmle.label | window.location.href |
|
||||
| tst2.js:4:21:4:24 | href | semmle.label | href |
|
||||
| tst2.js:4:21:4:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) |
|
||||
| tst2.js:3:21:3:24 | href | semmle.label | href |
|
||||
| tst2.js:3:21:3:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) |
|
||||
| tst6.js:2:7:2:45 | redirect | semmle.label | redirect |
|
||||
| tst6.js:2:18:2:45 | $locati ... irect') | semmle.label | $locati ... irect') |
|
||||
| tst6.js:4:21:4:28 | redirect | semmle.label | redirect |
|
||||
| tst6.js:6:17:6:24 | redirect | semmle.label | redirect |
|
||||
| tst6.js:8:21:8:48 | $locati ... irect') | semmle.label | $locati ... irect') |
|
||||
| tst6.js:8:21:8:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" |
|
||||
| tst7.js:2:12:2:35 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst7.js:2:12:2:48 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst7.js:5:27:5:50 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst7.js:5:27:5:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst9.js:2:21:2:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst9.js:2:21:2:55 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:5:17:5:59 | '/' + d ... ring(1) | semmle.label | '/' + d ... ring(1) |
|
||||
| tst10.js:5:23:5:46 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:5:23:5:59 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:8:17:8:60 | '//' + ... ring(1) | semmle.label | '//' + ... ring(1) |
|
||||
| tst10.js:8:24:8:47 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:8:24:8:60 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:11:17:11:63 | '//foo' ... ring(1) | semmle.label | '//foo' ... ring(1) |
|
||||
| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:11:27:11:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:14:17:14:69 | 'https: ... ring(1) | semmle.label | 'https: ... ring(1) |
|
||||
| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:14:33:14:69 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst6.js:3:21:3:28 | redirect | semmle.label | redirect |
|
||||
| tst6.js:4:17:4:24 | redirect | semmle.label | redirect |
|
||||
| tst6.js:5:21:5:48 | $locati ... irect') | semmle.label | $locati ... irect') |
|
||||
| tst6.js:5:21:5:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" |
|
||||
| tst7.js:1:12:1:35 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst7.js:1:12:1:48 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst7.js:3:27:3:50 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst7.js:3:27:3:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst9.js:1:21:1:42 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst9.js:1:21:1:55 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:4:17:4:59 | '/' + d ... ring(1) | semmle.label | '/' + d ... ring(1) |
|
||||
| tst10.js:4:23:4:46 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:4:23:4:59 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:6:17:6:60 | '//' + ... ring(1) | semmle.label | '//' + ... ring(1) |
|
||||
| tst10.js:6:24:6:47 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:6:24:6:60 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:8:17:8:63 | '//foo' ... ring(1) | semmle.label | '//foo' ... ring(1) |
|
||||
| tst10.js:8:27:8:50 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:8:27:8:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst10.js:10:17:10:69 | 'https: ... ring(1) | semmle.label | 'https: ... ring(1) |
|
||||
| tst10.js:10:33:10:56 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst10.js:10:33:10:69 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst13.js:2:9:2:52 | payload | semmle.label | payload |
|
||||
| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search |
|
||||
| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
|
||||
@@ -155,27 +155,27 @@ nodes
|
||||
| tst16.js:7:21:7:57 | queryst ... search) | semmle.label | queryst ... search) |
|
||||
| tst16.js:7:21:7:62 | queryst ... h).data | semmle.label | queryst ... h).data |
|
||||
| tst16.js:7:42:7:56 | location.search | semmle.label | location.search |
|
||||
| tst.js:2:19:2:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) |
|
||||
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] |
|
||||
| tst.js:2:47:2:68 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:6:20:6:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:6:20:6:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:6:34:6:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:10:19:10:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:10:19:10:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:10:59:10:80 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:14:20:14:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:14:20:14:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:14:34:14:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:18:19:18:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:18:19:18:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:18:59:18:80 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:22:20:22:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:22:20:22:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:22:34:22:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href |
|
||||
| tst.js:1:19:1:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) |
|
||||
| tst.js:1:19:1:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] |
|
||||
| tst.js:1:47:1:68 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:5:20:5:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:5:20:5:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:5:34:5:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:8:19:8:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:8:19:8:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:8:59:8:80 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:12:20:12:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:12:20:12:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:12:34:12:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:15:19:15:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:15:19:15:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:15:59:15:80 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:19:20:19:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
|
||||
| tst.js:19:20:19:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
|
||||
| tst.js:19:34:19:55 | documen ... on.href | semmle.label | documen ... on.href |
|
||||
| tst.js:23:22:23:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
|
||||
| tst.js:23:22:23:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
|
||||
| tst.js:23:62:23:78 | win.location.href | semmle.label | win.location.href |
|
||||
| typed.ts:4:13:4:49 | params | semmle.label | params |
|
||||
| typed.ts:4:22:4:36 | location.search | semmle.label | location.search |
|
||||
| typed.ts:4:22:4:49 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
|
||||
@@ -230,24 +230,24 @@ edges
|
||||
| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | provenance | |
|
||||
| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | provenance | |
|
||||
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | provenance | |
|
||||
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | provenance | |
|
||||
| tst2.js:2:7:2:33 | href | tst2.js:3:21:3:24 | href | provenance | |
|
||||
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | provenance | |
|
||||
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | provenance | Config |
|
||||
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | provenance | |
|
||||
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | provenance | |
|
||||
| tst2.js:3:21:3:24 | href | tst2.js:3:21:3:55 | href.su ... '?')+1) | provenance | Config |
|
||||
| tst6.js:2:7:2:45 | redirect | tst6.js:3:21:3:28 | redirect | provenance | |
|
||||
| tst6.js:2:7:2:45 | redirect | tst6.js:4:17:4:24 | redirect | provenance | |
|
||||
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | provenance | |
|
||||
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | provenance | |
|
||||
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... ring(1) | provenance | Config |
|
||||
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | provenance | Config |
|
||||
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:23:5:59 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:5:23:5:59 | documen ... ring(1) | tst10.js:5:17:5:59 | '/' + d ... ring(1) | provenance | |
|
||||
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:24:8:60 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:8:24:8:60 | documen ... ring(1) | tst10.js:8:17:8:60 | '//' + ... ring(1) | provenance | |
|
||||
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:27:11:63 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:11:27:11:63 | documen ... ring(1) | tst10.js:11:17:11:63 | '//foo' ... ring(1) | provenance | |
|
||||
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:33:14:69 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:14:33:14:69 | documen ... ring(1) | tst10.js:14:17:14:69 | 'https: ... ring(1) | provenance | |
|
||||
| tst6.js:5:21:5:48 | $locati ... irect') | tst6.js:5:21:5:56 | $locati ... + "foo" | provenance | |
|
||||
| tst7.js:1:12:1:35 | documen ... .search | tst7.js:1:12:1:48 | documen ... ring(1) | provenance | Config |
|
||||
| tst7.js:3:27:3:50 | documen ... .search | tst7.js:3:27:3:63 | documen ... ring(1) | provenance | Config |
|
||||
| tst9.js:1:21:1:42 | documen ... on.hash | tst9.js:1:21:1:55 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:4:23:4:46 | documen ... .search | tst10.js:4:23:4:59 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:4:23:4:59 | documen ... ring(1) | tst10.js:4:17:4:59 | '/' + d ... ring(1) | provenance | |
|
||||
| tst10.js:6:24:6:47 | documen ... .search | tst10.js:6:24:6:60 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:6:24:6:60 | documen ... ring(1) | tst10.js:6:17:6:60 | '//' + ... ring(1) | provenance | |
|
||||
| tst10.js:8:27:8:50 | documen ... .search | tst10.js:8:27:8:63 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:8:27:8:63 | documen ... ring(1) | tst10.js:8:17:8:63 | '//foo' ... ring(1) | provenance | |
|
||||
| tst10.js:10:33:10:56 | documen ... .search | tst10.js:10:33:10:69 | documen ... ring(1) | provenance | Config |
|
||||
| tst10.js:10:33:10:69 | documen ... ring(1) | tst10.js:10:17:10:69 | 'https: ... ring(1) | provenance | |
|
||||
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | |
|
||||
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | |
|
||||
| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | |
|
||||
@@ -316,20 +316,20 @@ edges
|
||||
| tst16.js:6:41:6:55 | location.search | tst16.js:6:21:6:56 | querySt ... search) | provenance | Config |
|
||||
| tst16.js:7:21:7:57 | queryst ... search) | tst16.js:7:21:7:62 | queryst ... h).data | provenance | |
|
||||
| tst16.js:7:42:7:56 | location.search | tst16.js:7:21:7:57 | queryst ... search) | provenance | Config |
|
||||
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | provenance | |
|
||||
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | provenance | Config |
|
||||
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | provenance | Config |
|
||||
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | provenance | Config |
|
||||
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config |
|
||||
| tst.js:1:19:1:69 | /.*redi ... n.href) | tst.js:1:19:1:72 | /.*redi ... ref)[1] | provenance | |
|
||||
| tst.js:1:47:1:68 | documen ... on.href | tst.js:1:19:1:69 | /.*redi ... n.href) | provenance | Config |
|
||||
| tst.js:5:20:5:56 | indirec ... n.href) | tst.js:5:20:5:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:5:34:5:55 | documen ... on.href | tst.js:5:20:5:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:8:19:8:81 | new Reg ... n.href) | tst.js:8:19:8:84 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:8:59:8:80 | documen ... on.href | tst.js:8:19:8:81 | new Reg ... n.href) | provenance | Config |
|
||||
| tst.js:12:20:12:56 | indirec ... n.href) | tst.js:12:20:12:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:12:34:12:55 | documen ... on.href | tst.js:12:20:12:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:15:19:15:81 | new Reg ... n.href) | tst.js:15:19:15:84 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:15:59:15:80 | documen ... on.href | tst.js:15:19:15:81 | new Reg ... n.href) | provenance | Config |
|
||||
| tst.js:19:20:19:56 | indirec ... n.href) | tst.js:19:20:19:59 | indirec ... ref)[1] | provenance | |
|
||||
| tst.js:19:34:19:55 | documen ... on.href | tst.js:19:20:19:56 | indirec ... n.href) | provenance | Config |
|
||||
| tst.js:23:22:23:79 | new Reg ... n.href) | tst.js:23:22:23:82 | new Reg ... ref)[1] | provenance | |
|
||||
| tst.js:23:62:23:78 | win.location.href | tst.js:23:22:23:79 | new Reg ... n.href) | provenance | Config |
|
||||
| typed.ts:4:13:4:49 | params | typed.ts:5:25:5:30 | params | provenance | |
|
||||
| typed.ts:4:22:4:36 | location.search | typed.ts:4:22:4:49 | locatio ... ring(1) | provenance | Config |
|
||||
| typed.ts:4:22:4:49 | locatio ... ring(1) | typed.ts:4:13:4:49 | params | provenance | |
|
||||
@@ -365,17 +365,17 @@ subpaths
|
||||
| sanitizer.js:28:27:28:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:28:27:28:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
|
||||
| sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
|
||||
| sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
|
||||
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value |
|
||||
| tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
|
||||
| tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
|
||||
| tst6.js:8:21:8:56 | $locati ... + "foo" | tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | Untrusted URL redirection depends on a $@. | tst6.js:8:21:8:48 | $locati ... irect') | user-provided value |
|
||||
| tst7.js:2:12:2:48 | documen ... ring(1) | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:2:12:2:35 | documen ... .search | user-provided value |
|
||||
| tst7.js:5:27:5:63 | documen ... ring(1) | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value |
|
||||
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst9.js:2:21:2:42 | documen ... on.hash | user-provided value |
|
||||
| tst10.js:5:17:5:59 | '/' + d ... ring(1) | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:59 | '/' + d ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value |
|
||||
| tst10.js:8:17:8:60 | '//' + ... ring(1) | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:60 | '//' + ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value |
|
||||
| tst10.js:11:17:11:63 | '//foo' ... ring(1) | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:63 | '//foo' ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value |
|
||||
| tst10.js:14:17:14:69 | 'https: ... ring(1) | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:69 | 'https: ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value |
|
||||
| tst2.js:3:21:3:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:3:21:3:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value |
|
||||
| tst6.js:3:21:3:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:3:21:3:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
|
||||
| tst6.js:4:17:4:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:17:4:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
|
||||
| tst6.js:5:21:5:56 | $locati ... + "foo" | tst6.js:5:21:5:48 | $locati ... irect') | tst6.js:5:21:5:56 | $locati ... + "foo" | Untrusted URL redirection depends on a $@. | tst6.js:5:21:5:48 | $locati ... irect') | user-provided value |
|
||||
| tst7.js:1:12:1:48 | documen ... ring(1) | tst7.js:1:12:1:35 | documen ... .search | tst7.js:1:12:1:48 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:1:12:1:35 | documen ... .search | user-provided value |
|
||||
| tst7.js:3:27:3:63 | documen ... ring(1) | tst7.js:3:27:3:50 | documen ... .search | tst7.js:3:27:3:63 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:3:27:3:50 | documen ... .search | user-provided value |
|
||||
| tst9.js:1:21:1:55 | documen ... ring(1) | tst9.js:1:21:1:42 | documen ... on.hash | tst9.js:1:21:1:55 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst9.js:1:21:1:42 | documen ... on.hash | user-provided value |
|
||||
| tst10.js:4:17:4:59 | '/' + d ... ring(1) | tst10.js:4:23:4:46 | documen ... .search | tst10.js:4:17:4:59 | '/' + d ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:4:23:4:46 | documen ... .search | user-provided value |
|
||||
| tst10.js:6:17:6:60 | '//' + ... ring(1) | tst10.js:6:24:6:47 | documen ... .search | tst10.js:6:17:6:60 | '//' + ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:6:24:6:47 | documen ... .search | user-provided value |
|
||||
| tst10.js:8:17:8:63 | '//foo' ... ring(1) | tst10.js:8:27:8:50 | documen ... .search | tst10.js:8:17:8:63 | '//foo' ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:8:27:8:50 | documen ... .search | user-provided value |
|
||||
| tst10.js:10:17:10:69 | 'https: ... ring(1) | tst10.js:10:33:10:56 | documen ... .search | tst10.js:10:17:10:69 | 'https: ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:10:33:10:56 | documen ... .search | user-provided value |
|
||||
| tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:4:15:4:21 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
|
||||
| tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:8:21:8:27 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
|
||||
| tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:12:14:12:20 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
|
||||
@@ -408,13 +408,13 @@ subpaths
|
||||
| tst16.js:5:21:5:59 | querySt ... h).data | tst16.js:5:39:5:53 | location.search | tst16.js:5:21:5:59 | querySt ... h).data | Untrusted URL redirection depends on a $@. | tst16.js:5:39:5:53 | location.search | user-provided value |
|
||||
| tst16.js:6:21:6:56 | querySt ... search) | tst16.js:6:41:6:55 | location.search | tst16.js:6:21:6:56 | querySt ... search) | Untrusted URL redirection depends on a $@. | tst16.js:6:41:6:55 | location.search | user-provided value |
|
||||
| tst16.js:7:21:7:62 | queryst ... h).data | tst16.js:7:42:7:56 | location.search | tst16.js:7:21:7:62 | queryst ... h).data | Untrusted URL redirection depends on a $@. | tst16.js:7:42:7:56 | location.search | user-provided value |
|
||||
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value |
|
||||
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value |
|
||||
| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value |
|
||||
| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:26:62:26:78 | win.location.href | user-provided value |
|
||||
| tst.js:1:19:1:72 | /.*redi ... ref)[1] | tst.js:1:47:1:68 | documen ... on.href | tst.js:1:19:1:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:1:47:1:68 | documen ... on.href | user-provided value |
|
||||
| tst.js:5:20:5:59 | indirec ... ref)[1] | tst.js:5:34:5:55 | documen ... on.href | tst.js:5:20:5:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:5:34:5:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:8:19:8:84 | new Reg ... ref)[1] | tst.js:8:59:8:80 | documen ... on.href | tst.js:8:19:8:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:8:59:8:80 | documen ... on.href | user-provided value |
|
||||
| tst.js:12:20:12:59 | indirec ... ref)[1] | tst.js:12:34:12:55 | documen ... on.href | tst.js:12:20:12:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:12:34:12:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:15:19:15:84 | new Reg ... ref)[1] | tst.js:15:59:15:80 | documen ... on.href | tst.js:15:19:15:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:15:59:15:80 | documen ... on.href | user-provided value |
|
||||
| tst.js:19:20:19:59 | indirec ... ref)[1] | tst.js:19:34:19:55 | documen ... on.href | tst.js:19:20:19:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:19:34:19:55 | documen ... on.href | user-provided value |
|
||||
| tst.js:23:22:23:82 | new Reg ... ref)[1] | tst.js:23:62:23:78 | win.location.href | tst.js:23:22:23:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:23:62:23:78 | win.location.href | user-provided value |
|
||||
| typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:4:22:4:36 | location.search | user-provided value |
|
||||
| typed.ts:29:33:29:43 | redirectUri | typed.ts:25:25:25:34 | loc.search | typed.ts:29:33:29:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:25:25:25:34 | loc.search | user-provided value |
|
||||
| typed.ts:52:33:52:43 | redirectUri | typed.ts:47:25:47:34 | loc.search | typed.ts:52:33:52:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:47:25:47:34 | loc.search | user-provided value |
|
||||
|
||||
@@ -1,33 +1,33 @@
|
||||
edges
|
||||
| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | provenance | |
|
||||
| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | provenance | |
|
||||
| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | provenance | |
|
||||
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | provenance | |
|
||||
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | provenance | |
|
||||
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | provenance | |
|
||||
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | provenance | |
|
||||
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | provenance | |
|
||||
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | provenance | |
|
||||
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | provenance | |
|
||||
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | provenance | |
|
||||
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:118:16:118:63 | [req.qu ... ection] [0] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | provenance | |
|
||||
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] [0] | provenance | |
|
||||
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | provenance | |
|
||||
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | provenance | |
|
||||
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | provenance | |
|
||||
| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | provenance | |
|
||||
| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | provenance | |
|
||||
| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | provenance | |
|
||||
| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | provenance | |
|
||||
| express.js:164:7:164:54 | myThing [ArrayElement] | express.js:165:16:165:22 | myThing | provenance | |
|
||||
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | provenance | |
|
||||
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | provenance | |
|
||||
| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | provenance | |
|
||||
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | express.js:164:7:164:54 | myThing [ArrayElement] | provenance | |
|
||||
| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | provenance | |
|
||||
| express.js:25:7:25:34 | target | express.js:28:18:28:23 | target | provenance | |
|
||||
| express.js:25:7:25:34 | target | express.js:30:18:30:23 | target | provenance | |
|
||||
| express.js:25:7:25:34 | target | express.js:31:16:31:21 | target | provenance | |
|
||||
| express.js:25:16:25:34 | req.param("target") | express.js:25:7:25:34 | target | provenance | |
|
||||
| express.js:35:69:35:87 | req.param('action') | express.js:35:16:35:108 | (req.pa ... ntacts" | provenance | |
|
||||
| express.js:68:19:68:37 | req.param("target") | express.js:68:16:68:43 | `${req. ... )}/foo` | provenance | |
|
||||
| express.js:77:7:77:34 | target | express.js:83:18:83:23 | target | provenance | |
|
||||
| express.js:77:7:77:34 | target | express.js:89:16:89:21 | target | provenance | |
|
||||
| express.js:77:16:77:34 | req.param("target") | express.js:77:7:77:34 | target | provenance | |
|
||||
| express.js:109:16:109:63 | [req.qu ... ection] | express.js:109:16:109:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:109:16:109:63 | [req.qu ... ection] [0] | express.js:109:16:109:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:109:17:109:30 | req.query.page | express.js:109:16:109:63 | [req.qu ... ection] | provenance | |
|
||||
| express.js:109:17:109:30 | req.query.page | express.js:109:16:109:63 | [req.qu ... ection] [0] | provenance | |
|
||||
| express.js:109:17:109:30 | req.query.page | express.js:109:16:109:72 | [req.qu ... oin('') | provenance | |
|
||||
| express.js:124:22:124:36 | req.params.user | express.js:124:16:124:36 | '/' + r ... ms.user | provenance | |
|
||||
| express.js:125:23:125:37 | req.params.user | express.js:125:16:125:37 | '//' + ... ms.user | provenance | |
|
||||
| express.js:126:22:126:36 | req.params.user | express.js:126:16:126:36 | 'u' + r ... ms.user | provenance | |
|
||||
| express.js:140:7:140:34 | target | express.js:145:18:145:23 | target | provenance | |
|
||||
| express.js:140:7:140:34 | target | express.js:150:18:150:23 | target | provenance | |
|
||||
| express.js:140:16:140:34 | req.param("target") | express.js:140:7:140:34 | target | provenance | |
|
||||
| express.js:154:7:154:54 | myThing | express.js:155:16:155:22 | myThing | provenance | |
|
||||
| express.js:154:7:154:54 | myThing [ArrayElement] | express.js:155:16:155:22 | myThing | provenance | |
|
||||
| express.js:154:17:154:41 | JSON.st ... .query) | express.js:154:17:154:54 | JSON.st ... (1, -1) | provenance | |
|
||||
| express.js:154:17:154:41 | JSON.st ... .query) | express.js:154:17:154:54 | JSON.st ... (1, -1) [ArrayElement] | provenance | |
|
||||
| express.js:154:17:154:54 | JSON.st ... (1, -1) | express.js:154:7:154:54 | myThing | provenance | |
|
||||
| express.js:154:17:154:54 | JSON.st ... (1, -1) [ArrayElement] | express.js:154:7:154:54 | myThing [ArrayElement] | provenance | |
|
||||
| express.js:154:32:154:40 | req.query | express.js:154:17:154:41 | JSON.st ... .query) | provenance | |
|
||||
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | provenance | |
|
||||
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | provenance | |
|
||||
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | provenance | |
|
||||
@@ -38,60 +38,60 @@ edges
|
||||
| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | provenance | |
|
||||
| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | provenance | |
|
||||
| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | provenance | |
|
||||
| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | provenance | |
|
||||
| node.js:10:7:10:52 | target | node.js:13:40:13:45 | target | provenance | |
|
||||
| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | provenance | |
|
||||
| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | provenance | |
|
||||
| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | provenance | |
|
||||
| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | provenance | |
|
||||
| node.js:28:16:28:39 | url.par ... , true) | node.js:28:7:28:52 | target | provenance | |
|
||||
| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | provenance | |
|
||||
| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | provenance | |
|
||||
| node.js:13:40:13:45 | target | node.js:13:34:13:45 | '/' + target | provenance | |
|
||||
| node.js:27:7:27:52 | target | node.js:29:34:29:39 | target | provenance | |
|
||||
| node.js:27:16:27:39 | url.par ... , true) | node.js:27:7:27:52 | target | provenance | |
|
||||
| node.js:27:26:27:32 | req.url | node.js:27:16:27:39 | url.par ... , true) | provenance | |
|
||||
| node.js:29:34:29:39 | target | node.js:29:34:29:55 | target ... =" + me | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | provenance | |
|
||||
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | provenance | |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
|
||||
nodes
|
||||
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | semmle.label | req.query["target"] |
|
||||
| ServerSideUrlRedirect.js:4:16:4:34 | req.query["target"] | semmle.label | req.query["target"] |
|
||||
| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | semmle.label | target |
|
||||
| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | semmle.label | req.query["target"] |
|
||||
| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | semmle.label | target |
|
||||
| express.js:7:16:7:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:12:26:12:44 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:27:7:27:34 | target | semmle.label | target |
|
||||
| express.js:27:16:27:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:6:16:6:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:10:26:10:44 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:25:7:25:34 | target | semmle.label | target |
|
||||
| express.js:25:16:25:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:28:18:28:23 | target | semmle.label | target |
|
||||
| express.js:30:18:30:23 | target | semmle.label | target |
|
||||
| express.js:33:18:33:23 | target | semmle.label | target |
|
||||
| express.js:35:16:35:21 | target | semmle.label | target |
|
||||
| express.js:40:16:40:108 | (req.pa ... ntacts" | semmle.label | (req.pa ... ntacts" |
|
||||
| express.js:40:69:40:87 | req.param('action') | semmle.label | req.param('action') |
|
||||
| express.js:74:16:74:43 | `${req. ... )}/foo` | semmle.label | `${req. ... )}/foo` |
|
||||
| express.js:74:19:74:37 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:83:7:83:34 | target | semmle.label | target |
|
||||
| express.js:83:16:83:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:90:18:90:23 | target | semmle.label | target |
|
||||
| express.js:97:16:97:21 | target | semmle.label | target |
|
||||
| express.js:118:16:118:63 | [req.qu ... ection] | semmle.label | [req.qu ... ection] |
|
||||
| express.js:118:16:118:63 | [req.qu ... ection] [0] | semmle.label | [req.qu ... ection] [0] |
|
||||
| express.js:118:16:118:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') |
|
||||
| express.js:118:17:118:30 | req.query.page | semmle.label | req.query.page |
|
||||
| express.js:134:16:134:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user |
|
||||
| express.js:134:22:134:36 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:135:16:135:37 | '//' + ... ms.user | semmle.label | '//' + ... ms.user |
|
||||
| express.js:135:23:135:37 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:136:16:136:36 | 'u' + r ... ms.user | semmle.label | 'u' + r ... ms.user |
|
||||
| express.js:136:22:136:36 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:143:16:143:28 | req.query.foo | semmle.label | req.query.foo |
|
||||
| express.js:146:16:146:24 | query.foo | semmle.label | query.foo |
|
||||
| express.js:150:7:150:34 | target | semmle.label | target |
|
||||
| express.js:150:16:150:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:155:18:155:23 | target | semmle.label | target |
|
||||
| express.js:160:18:160:23 | target | semmle.label | target |
|
||||
| express.js:164:7:164:54 | myThing | semmle.label | myThing |
|
||||
| express.js:164:7:164:54 | myThing [ArrayElement] | semmle.label | myThing [ArrayElement] |
|
||||
| express.js:164:17:164:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) |
|
||||
| express.js:164:17:164:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... (1, -1) |
|
||||
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | semmle.label | JSON.st ... (1, -1) [ArrayElement] |
|
||||
| express.js:164:32:164:40 | req.query | semmle.label | req.query |
|
||||
| express.js:165:16:165:22 | myThing | semmle.label | myThing |
|
||||
| express.js:31:16:31:21 | target | semmle.label | target |
|
||||
| express.js:35:16:35:108 | (req.pa ... ntacts" | semmle.label | (req.pa ... ntacts" |
|
||||
| express.js:35:69:35:87 | req.param('action') | semmle.label | req.param('action') |
|
||||
| express.js:68:16:68:43 | `${req. ... )}/foo` | semmle.label | `${req. ... )}/foo` |
|
||||
| express.js:68:19:68:37 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:77:7:77:34 | target | semmle.label | target |
|
||||
| express.js:77:16:77:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:83:18:83:23 | target | semmle.label | target |
|
||||
| express.js:89:16:89:21 | target | semmle.label | target |
|
||||
| express.js:109:16:109:63 | [req.qu ... ection] | semmle.label | [req.qu ... ection] |
|
||||
| express.js:109:16:109:63 | [req.qu ... ection] [0] | semmle.label | [req.qu ... ection] [0] |
|
||||
| express.js:109:16:109:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') |
|
||||
| express.js:109:17:109:30 | req.query.page | semmle.label | req.query.page |
|
||||
| express.js:124:16:124:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user |
|
||||
| express.js:124:22:124:36 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:125:16:125:37 | '//' + ... ms.user | semmle.label | '//' + ... ms.user |
|
||||
| express.js:125:23:125:37 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:126:16:126:36 | 'u' + r ... ms.user | semmle.label | 'u' + r ... ms.user |
|
||||
| express.js:126:22:126:36 | req.params.user | semmle.label | req.params.user |
|
||||
| express.js:133:16:133:28 | req.query.foo | semmle.label | req.query.foo |
|
||||
| express.js:136:16:136:24 | query.foo | semmle.label | query.foo |
|
||||
| express.js:140:7:140:34 | target | semmle.label | target |
|
||||
| express.js:140:16:140:34 | req.param("target") | semmle.label | req.param("target") |
|
||||
| express.js:145:18:145:23 | target | semmle.label | target |
|
||||
| express.js:150:18:150:23 | target | semmle.label | target |
|
||||
| express.js:154:7:154:54 | myThing | semmle.label | myThing |
|
||||
| express.js:154:7:154:54 | myThing [ArrayElement] | semmle.label | myThing [ArrayElement] |
|
||||
| express.js:154:17:154:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) |
|
||||
| express.js:154:17:154:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... (1, -1) |
|
||||
| express.js:154:17:154:54 | JSON.st ... (1, -1) [ArrayElement] | semmle.label | JSON.st ... (1, -1) [ArrayElement] |
|
||||
| express.js:154:32:154:40 | req.query | semmle.label | req.query |
|
||||
| express.js:155:16:155:22 | myThing | semmle.label | myThing |
|
||||
| koa.js:6:6:6:27 | url | semmle.label | url |
|
||||
| koa.js:6:12:6:27 | ctx.query.target | semmle.label | ctx.query.target |
|
||||
| koa.js:7:15:7:17 | url | semmle.label | url |
|
||||
@@ -108,46 +108,46 @@ nodes
|
||||
| node.js:10:7:10:52 | target | semmle.label | target |
|
||||
| node.js:10:16:10:39 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| node.js:10:26:10:32 | req.url | semmle.label | req.url |
|
||||
| node.js:14:34:14:45 | '/' + target | semmle.label | '/' + target |
|
||||
| node.js:14:40:14:45 | target | semmle.label | target |
|
||||
| node.js:28:7:28:52 | target | semmle.label | target |
|
||||
| node.js:28:16:28:39 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| node.js:28:26:28:32 | req.url | semmle.label | req.url |
|
||||
| node.js:31:34:31:39 | target | semmle.label | target |
|
||||
| node.js:31:34:31:55 | target ... =" + me | semmle.label | target ... =" + me |
|
||||
| node.js:13:34:13:45 | '/' + target | semmle.label | '/' + target |
|
||||
| node.js:13:40:13:45 | target | semmle.label | target |
|
||||
| node.js:27:7:27:52 | target | semmle.label | target |
|
||||
| node.js:27:16:27:39 | url.par ... , true) | semmle.label | url.par ... , true) |
|
||||
| node.js:27:26:27:32 | req.url | semmle.label | req.url |
|
||||
| node.js:29:34:29:39 | target | semmle.label | target |
|
||||
| node.js:29:34:29:55 | target ... =" + me | semmle.label | target ... =" + me |
|
||||
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
|
||||
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
|
||||
| react-native.js:8:17:8:23 | tainted | semmle.label | tainted |
|
||||
| react-native.js:9:26:9:32 | tainted | semmle.label | tainted |
|
||||
subpaths
|
||||
#select
|
||||
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | user-provided value |
|
||||
| ServerSideUrlRedirect.js:4:16:4:34 | req.query["target"] | ServerSideUrlRedirect.js:4:16:4:34 | req.query["target"] | ServerSideUrlRedirect.js:4:16:4:34 | req.query["target"] | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirect.js:4:16:4:34 | req.query["target"] | user-provided value |
|
||||
| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | user-provided value |
|
||||
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:7:16:7:34 | req.param("target") | user-provided value |
|
||||
| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:12:26:12:44 | req.param("target") | user-provided value |
|
||||
| express.js:30:18:30:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:30:18:30:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
|
||||
| express.js:33:18:33:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:33:18:33:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
|
||||
| express.js:35:16:35:21 | target | express.js:27:16:27:34 | req.param("target") | express.js:35:16:35:21 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
|
||||
| express.js:40:16:40:108 | (req.pa ... ntacts" | express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | Untrusted URL redirection depends on a $@. | express.js:40:69:40:87 | req.param('action') | user-provided value |
|
||||
| express.js:74:16:74:43 | `${req. ... )}/foo` | express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | Untrusted URL redirection depends on a $@. | express.js:74:19:74:37 | req.param("target") | user-provided value |
|
||||
| express.js:90:18:90:23 | target | express.js:83:16:83:34 | req.param("target") | express.js:90:18:90:23 | target | Untrusted URL redirection depends on a $@. | express.js:83:16:83:34 | req.param("target") | user-provided value |
|
||||
| express.js:97:16:97:21 | target | express.js:83:16:83:34 | req.param("target") | express.js:97:16:97:21 | target | Untrusted URL redirection depends on a $@. | express.js:83:16:83:34 | req.param("target") | user-provided value |
|
||||
| express.js:118:16:118:72 | [req.qu ... oin('') | express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | Untrusted URL redirection depends on a $@. | express.js:118:17:118:30 | req.query.page | user-provided value |
|
||||
| express.js:134:16:134:36 | '/' + r ... ms.user | express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | Untrusted URL redirection depends on a $@. | express.js:134:22:134:36 | req.params.user | user-provided value |
|
||||
| express.js:135:16:135:37 | '//' + ... ms.user | express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | Untrusted URL redirection depends on a $@. | express.js:135:23:135:37 | req.params.user | user-provided value |
|
||||
| express.js:136:16:136:36 | 'u' + r ... ms.user | express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | Untrusted URL redirection depends on a $@. | express.js:136:22:136:36 | req.params.user | user-provided value |
|
||||
| express.js:143:16:143:28 | req.query.foo | express.js:143:16:143:28 | req.query.foo | express.js:143:16:143:28 | req.query.foo | Untrusted URL redirection depends on a $@. | express.js:143:16:143:28 | req.query.foo | user-provided value |
|
||||
| express.js:146:16:146:24 | query.foo | express.js:146:16:146:24 | query.foo | express.js:146:16:146:24 | query.foo | Untrusted URL redirection depends on a $@. | express.js:146:16:146:24 | query.foo | user-provided value |
|
||||
| express.js:155:18:155:23 | target | express.js:150:16:150:34 | req.param("target") | express.js:155:18:155:23 | target | Untrusted URL redirection depends on a $@. | express.js:150:16:150:34 | req.param("target") | user-provided value |
|
||||
| express.js:160:18:160:23 | target | express.js:150:16:150:34 | req.param("target") | express.js:160:18:160:23 | target | Untrusted URL redirection depends on a $@. | express.js:150:16:150:34 | req.param("target") | user-provided value |
|
||||
| express.js:165:16:165:22 | myThing | express.js:164:32:164:40 | req.query | express.js:165:16:165:22 | myThing | Untrusted URL redirection depends on a $@. | express.js:164:32:164:40 | req.query | user-provided value |
|
||||
| express.js:6:16:6:34 | req.param("target") | express.js:6:16:6:34 | req.param("target") | express.js:6:16:6:34 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:6:16:6:34 | req.param("target") | user-provided value |
|
||||
| express.js:10:26:10:44 | req.param("target") | express.js:10:26:10:44 | req.param("target") | express.js:10:26:10:44 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:10:26:10:44 | req.param("target") | user-provided value |
|
||||
| express.js:28:18:28:23 | target | express.js:25:16:25:34 | req.param("target") | express.js:28:18:28:23 | target | Untrusted URL redirection depends on a $@. | express.js:25:16:25:34 | req.param("target") | user-provided value |
|
||||
| express.js:30:18:30:23 | target | express.js:25:16:25:34 | req.param("target") | express.js:30:18:30:23 | target | Untrusted URL redirection depends on a $@. | express.js:25:16:25:34 | req.param("target") | user-provided value |
|
||||
| express.js:31:16:31:21 | target | express.js:25:16:25:34 | req.param("target") | express.js:31:16:31:21 | target | Untrusted URL redirection depends on a $@. | express.js:25:16:25:34 | req.param("target") | user-provided value |
|
||||
| express.js:35:16:35:108 | (req.pa ... ntacts" | express.js:35:69:35:87 | req.param('action') | express.js:35:16:35:108 | (req.pa ... ntacts" | Untrusted URL redirection depends on a $@. | express.js:35:69:35:87 | req.param('action') | user-provided value |
|
||||
| express.js:68:16:68:43 | `${req. ... )}/foo` | express.js:68:19:68:37 | req.param("target") | express.js:68:16:68:43 | `${req. ... )}/foo` | Untrusted URL redirection depends on a $@. | express.js:68:19:68:37 | req.param("target") | user-provided value |
|
||||
| express.js:83:18:83:23 | target | express.js:77:16:77:34 | req.param("target") | express.js:83:18:83:23 | target | Untrusted URL redirection depends on a $@. | express.js:77:16:77:34 | req.param("target") | user-provided value |
|
||||
| express.js:89:16:89:21 | target | express.js:77:16:77:34 | req.param("target") | express.js:89:16:89:21 | target | Untrusted URL redirection depends on a $@. | express.js:77:16:77:34 | req.param("target") | user-provided value |
|
||||
| express.js:109:16:109:72 | [req.qu ... oin('') | express.js:109:17:109:30 | req.query.page | express.js:109:16:109:72 | [req.qu ... oin('') | Untrusted URL redirection depends on a $@. | express.js:109:17:109:30 | req.query.page | user-provided value |
|
||||
| express.js:124:16:124:36 | '/' + r ... ms.user | express.js:124:22:124:36 | req.params.user | express.js:124:16:124:36 | '/' + r ... ms.user | Untrusted URL redirection depends on a $@. | express.js:124:22:124:36 | req.params.user | user-provided value |
|
||||
| express.js:125:16:125:37 | '//' + ... ms.user | express.js:125:23:125:37 | req.params.user | express.js:125:16:125:37 | '//' + ... ms.user | Untrusted URL redirection depends on a $@. | express.js:125:23:125:37 | req.params.user | user-provided value |
|
||||
| express.js:126:16:126:36 | 'u' + r ... ms.user | express.js:126:22:126:36 | req.params.user | express.js:126:16:126:36 | 'u' + r ... ms.user | Untrusted URL redirection depends on a $@. | express.js:126:22:126:36 | req.params.user | user-provided value |
|
||||
| express.js:133:16:133:28 | req.query.foo | express.js:133:16:133:28 | req.query.foo | express.js:133:16:133:28 | req.query.foo | Untrusted URL redirection depends on a $@. | express.js:133:16:133:28 | req.query.foo | user-provided value |
|
||||
| express.js:136:16:136:24 | query.foo | express.js:136:16:136:24 | query.foo | express.js:136:16:136:24 | query.foo | Untrusted URL redirection depends on a $@. | express.js:136:16:136:24 | query.foo | user-provided value |
|
||||
| express.js:145:18:145:23 | target | express.js:140:16:140:34 | req.param("target") | express.js:145:18:145:23 | target | Untrusted URL redirection depends on a $@. | express.js:140:16:140:34 | req.param("target") | user-provided value |
|
||||
| express.js:150:18:150:23 | target | express.js:140:16:140:34 | req.param("target") | express.js:150:18:150:23 | target | Untrusted URL redirection depends on a $@. | express.js:140:16:140:34 | req.param("target") | user-provided value |
|
||||
| express.js:155:16:155:22 | myThing | express.js:154:32:154:40 | req.query | express.js:155:16:155:22 | myThing | Untrusted URL redirection depends on a $@. | express.js:154:32:154:40 | req.query | user-provided value |
|
||||
| koa.js:7:15:7:17 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:7:15:7:17 | url | Untrusted URL redirection depends on a $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
|
||||
| koa.js:8:15:8:26 | `${url}${x}` | koa.js:6:12:6:27 | ctx.query.target | koa.js:8:15:8:26 | `${url}${x}` | Untrusted URL redirection depends on a $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
|
||||
| koa.js:14:16:14:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:14:16:14:18 | url | Untrusted URL redirection depends on a $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
|
||||
| koa.js:20:16:20:18 | url | koa.js:6:12:6:27 | ctx.query.target | koa.js:20:16:20:18 | url | Untrusted URL redirection depends on a $@. | koa.js:6:12:6:27 | ctx.query.target | user-provided value |
|
||||
| next.ts:11:31:11:50 | req.body.callbackUrl | next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | Untrusted URL redirection depends on a $@. | next.ts:11:31:11:38 | req.body | user-provided value |
|
||||
| node.js:6:34:6:39 | target | node.js:5:26:5:32 | req.url | node.js:6:34:6:39 | target | Untrusted URL redirection depends on a $@. | node.js:5:26:5:32 | req.url | user-provided value |
|
||||
| node.js:14:34:14:45 | '/' + target | node.js:10:26:10:32 | req.url | node.js:14:34:14:45 | '/' + target | Untrusted URL redirection depends on a $@. | node.js:10:26:10:32 | req.url | user-provided value |
|
||||
| node.js:31:34:31:55 | target ... =" + me | node.js:28:26:28:32 | req.url | node.js:31:34:31:55 | target ... =" + me | Untrusted URL redirection depends on a $@. | node.js:28:26:28:32 | req.url | user-provided value |
|
||||
| node.js:13:34:13:45 | '/' + target | node.js:10:26:10:32 | req.url | node.js:13:34:13:45 | '/' + target | Untrusted URL redirection depends on a $@. | node.js:10:26:10:32 | req.url | user-provided value |
|
||||
| node.js:29:34:29:55 | target ... =" + me | node.js:27:26:27:32 | req.url | node.js:29:34:29:55 | target ... =" + me | Untrusted URL redirection depends on a $@. | node.js:27:26:27:32 | req.url | user-provided value |
|
||||
| react-native.js:8:17:8:23 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:17:8:23 | tainted | Untrusted URL redirection depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
|
||||
| react-native.js:9:26:9:32 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:9:26:9:32 | tainted | Untrusted URL redirection depends on a $@. | react-native.js:7:17:7:33 | req.param("code") | user-provided value |
|
||||
|
||||
@@ -1,27 +1,27 @@
|
||||
#select
|
||||
| domparser.js:10:55:10:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:10:55:10:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:12:57:12:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:12:57:12:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:9:21:9:41 | req.par ... e-xml") | libxml.noent.js:9:21:9:41 | req.par ... e-xml") | libxml.noent.js:9:21:9:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:9:21:9:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:11:27:11:47 | req.par ... e-xml") | libxml.noent.js:11:27:11:47 | req.par ... e-xml") | libxml.noent.js:11:27:11:47 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:11:27:11:47 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:12:27:12:66 | req.fil ... 'utf8') | libxml.noent.js:12:27:12:35 | req.files | libxml.noent.js:12:27:12:66 | req.fil ... 'utf8') | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:12:27:12:35 | req.files | user-provided value |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |
|
||||
edges
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:10:55:10:57 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:12:57:12:59 | src | provenance | |
|
||||
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | |
|
||||
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | provenance | |
|
||||
| libxml.noent.js:12:27:12:35 | req.files | libxml.noent.js:12:27:12:66 | req.fil ... 'utf8') | provenance | |
|
||||
nodes
|
||||
| domparser.js:2:7:2:36 | src | semmle.label | src |
|
||||
| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| domparser.js:11:55:11:57 | src | semmle.label | src |
|
||||
| domparser.js:14:57:14:59 | src | semmle.label | src |
|
||||
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:16:27:16:35 | req.files | semmle.label | req.files |
|
||||
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') |
|
||||
| domparser.js:10:55:10:57 | src | semmle.label | src |
|
||||
| domparser.js:12:57:12:59 | src | semmle.label | src |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:9:21:9:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:11:27:11:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:12:27:12:35 | req.files | semmle.label | req.files |
|
||||
| libxml.noent.js:12:27:12:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
subpaths
|
||||
#select
|
||||
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.noent.js:16:27:16:35 | req.files | user-provided value |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against external entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
| tst-cleartextCookie.js:5:5:10:10 | res.coo ... }) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:20:5:20:43 | res.coo ... ptions) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:35:1:35:52 | js_cook ... alse }) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:44:37:44:51 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:64:13:64:27 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:97:13:97:25 | "authKey=foo" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:108:9:111:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:113:9:116:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:118:9:121:2 | session ... T OK\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:128:9:128:21 | session(sess) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:152:9:160:2 | session ... Date\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:164:33:164:58 | `authKe ... key()}` | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:177:5:177:19 | document.cookie | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:181:5:181:41 | cookies ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:186:5:186:46 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:195:33:195:74 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:43:37:43:51 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:63:13:63:27 | "authKey=ninja" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:96:13:96:25 | "authKey=foo" | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:107:9:110:2 | session ... lert\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:112:9:114:2 | session ... ret'\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:116:9:119:2 | session ... lert\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:126:9:126:21 | session(sess) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:150:9:158:2 | session ... Date\\n}) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:162:33:162:58 | `authKe ... key()}` | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:175:5:175:19 | document.cookie | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:179:5:179:41 | cookies ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:184:5:184:46 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
| tst-cleartextCookie.js:193:33:193:74 | cookie. ... hkey()) | Sensitive cookie sent without enforcing SSL encryption. |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
edges
|
||||
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | provenance | |
|
||||
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:8:66:8:73 | userName | provenance | |
|
||||
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | provenance | |
|
||||
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | provenance | |
|
||||
| XpathInjectionBad.js:8:66:8:73 | userName | XpathInjectionBad.js:8:34:8:96 | "//user ... text()" | provenance | |
|
||||
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | provenance | |
|
||||
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | provenance | |
|
||||
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | provenance | |
|
||||
@@ -13,8 +13,8 @@ edges
|
||||
nodes
|
||||
| XpathInjectionBad.js:6:7:6:38 | userName | semmle.label | userName |
|
||||
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | semmle.label | req.par ... rName") |
|
||||
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | semmle.label | "//user ... text()" |
|
||||
| XpathInjectionBad.js:9:66:9:73 | userName | semmle.label | userName |
|
||||
| XpathInjectionBad.js:8:34:8:96 | "//user ... text()" | semmle.label | "//user ... text()" |
|
||||
| XpathInjectionBad.js:8:66:8:73 | userName | semmle.label | userName |
|
||||
| tst2.js:1:13:1:34 | documen ... on.hash | semmle.label | documen ... on.hash |
|
||||
| tst2.js:1:13:1:47 | documen ... ring(1) | semmle.label | documen ... ring(1) |
|
||||
| tst2.js:2:27:2:31 | query | semmle.label | query |
|
||||
@@ -27,7 +27,7 @@ nodes
|
||||
| tst.js:11:8:11:14 | tainted | semmle.label | tainted |
|
||||
subpaths
|
||||
#select
|
||||
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XPath expression depends on a $@. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | user-provided value |
|
||||
| XpathInjectionBad.js:8:34:8:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:8:34:8:96 | "//user ... text()" | XPath expression depends on a $@. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | user-provided value |
|
||||
| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:2:27:2:31 | query | XPath expression depends on a $@. | tst2.js:1:13:1:34 | documen ... on.hash | user-provided value |
|
||||
| tst2.js:3:19:3:23 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:3:19:3:23 | query | XPath expression depends on a $@. | tst2.js:1:13:1:34 | documen ... on.hash | user-provided value |
|
||||
| tst.js:7:15:7:21 | tainted | tst.js:6:17:6:37 | req.par ... rName") | tst.js:7:15:7:21 | tainted | XPath expression depends on a $@. | tst.js:6:17:6:37 | req.par ... rName") | user-provided value |
|
||||
|
||||
@@ -1,49 +1,49 @@
|
||||
edges
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:7:31:7:33 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:17:19:17:21 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:18:19:18:21 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:28:12:28:14 | key | provenance | |
|
||||
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:49:14:49:16 | key | provenance | |
|
||||
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:35:23:35:27 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:36:26:36:30 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:37:25:37:29 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:24:40:28 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:27:41:31 | input | provenance | |
|
||||
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:26:42:30 | input | provenance | |
|
||||
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | provenance | |
|
||||
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | provenance | |
|
||||
| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | provenance | |
|
||||
| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | provenance | |
|
||||
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | provenance | |
|
||||
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | provenance | |
|
||||
| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | provenance | |
|
||||
| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | provenance | |
|
||||
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | |
|
||||
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | provenance | |
|
||||
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | |
|
||||
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | provenance | |
|
||||
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | provenance | |
|
||||
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | provenance | |
|
||||
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | provenance | |
|
||||
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | provenance | |
|
||||
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | provenance | |
|
||||
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | provenance | |
|
||||
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | provenance | |
|
||||
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | |
|
||||
| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | provenance | |
|
||||
| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | provenance | |
|
||||
| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | provenance | |
|
||||
| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | provenance | |
|
||||
| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | provenance | |
|
||||
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | provenance | |
|
||||
| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | provenance | |
|
||||
| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | provenance | |
|
||||
| RegExpInjection.js:97:7:97:32 | input | RegExpInjection.js:99:19:99:23 | input | provenance | |
|
||||
| RegExpInjection.js:97:15:97:32 | req.param("input") | RegExpInjection.js:97:7:97:32 | input | provenance | |
|
||||
| RegExpInjection.js:99:7:99:106 | sanitized | RegExpInjection.js:100:14:100:22 | sanitized | provenance | |
|
||||
| RegExpInjection.js:99:19:99:23 | input | RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | provenance | |
|
||||
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | RegExpInjection.js:99:7:99:106 | sanitized | provenance | |
|
||||
| RegExpInjection.js:7:31:7:33 | key | RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | provenance | |
|
||||
| RegExpInjection.js:9:17:9:17 | s | RegExpInjection.js:10:26:10:26 | s | provenance | |
|
||||
| RegExpInjection.js:10:20:10:27 | wrap2(s) | RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | provenance | |
|
||||
| RegExpInjection.js:10:26:10:26 | s | RegExpInjection.js:10:20:10:27 | wrap2(s) | provenance | |
|
||||
| RegExpInjection.js:10:26:10:26 | s | RegExpInjection.js:13:18:13:18 | s | provenance | |
|
||||
| RegExpInjection.js:13:18:13:18 | s | RegExpInjection.js:14:12:14:12 | s | provenance | |
|
||||
| RegExpInjection.js:14:12:14:12 | s | RegExpInjection.js:14:12:14:24 | s + "=(.*)\\n" | provenance | |
|
||||
| RegExpInjection.js:17:19:17:21 | key | RegExpInjection.js:9:17:9:17 | s | provenance | |
|
||||
| RegExpInjection.js:17:19:17:21 | key | RegExpInjection.js:17:14:17:22 | wrap(key) | provenance | |
|
||||
| RegExpInjection.js:18:19:18:21 | key | RegExpInjection.js:9:17:9:17 | s | provenance | |
|
||||
| RegExpInjection.js:18:19:18:21 | key | RegExpInjection.js:18:14:18:22 | wrap(key) | provenance | |
|
||||
| RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:23:14:23:21 | getKey() | provenance | |
|
||||
| RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:29:12:29:19 | getKey() | provenance | |
|
||||
| RegExpInjection.js:25:21:25:21 | s | RegExpInjection.js:26:23:26:23 | s | provenance | |
|
||||
| RegExpInjection.js:28:12:28:14 | key | RegExpInjection.js:25:21:25:21 | s | provenance | |
|
||||
| RegExpInjection.js:29:12:29:19 | getKey() | RegExpInjection.js:25:21:25:21 | s | provenance | |
|
||||
| RegExpInjection.js:49:14:49:16 | key | RegExpInjection.js:49:14:49:27 | key.split(".") [ArrayElement] | provenance | |
|
||||
| RegExpInjection.js:49:14:49:27 | key.split(".") [ArrayElement] | RegExpInjection.js:49:14:49:42 | key.spl ... x => x) [ArrayElement] | provenance | |
|
||||
| RegExpInjection.js:49:14:49:42 | key.spl ... x => x) [ArrayElement] | RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | provenance | |
|
||||
| RegExpInjection.js:55:31:55:56 | input | RegExpInjection.js:59:14:59:18 | input | provenance | |
|
||||
| RegExpInjection.js:55:39:55:56 | req.param("input") | RegExpInjection.js:55:31:55:56 | input | provenance | |
|
||||
| RegExpInjection.js:77:7:77:32 | input | RegExpInjection.js:82:25:82:29 | input | provenance | |
|
||||
| RegExpInjection.js:77:15:77:32 | req.param("input") | RegExpInjection.js:77:7:77:32 | input | provenance | |
|
||||
| RegExpInjection.js:82:25:82:29 | input | RegExpInjection.js:82:25:82:48 | input.r ... g, "\|") | provenance | |
|
||||
| RegExpInjection.js:82:25:82:48 | input.r ... g, "\|") | RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | provenance | |
|
||||
| RegExpInjection.js:86:20:86:30 | process.env | RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | provenance | |
|
||||
| RegExpInjection.js:88:20:88:31 | process.argv | RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | provenance | |
|
||||
| RegExpInjection.js:92:7:92:32 | input | RegExpInjection.js:94:19:94:23 | input | provenance | |
|
||||
| RegExpInjection.js:92:15:92:32 | req.param("input") | RegExpInjection.js:92:7:92:32 | input | provenance | |
|
||||
| RegExpInjection.js:94:7:94:106 | sanitized | RegExpInjection.js:95:14:95:22 | sanitized | provenance | |
|
||||
| RegExpInjection.js:94:19:94:23 | input | RegExpInjection.js:94:19:94:106 | input.r ... "\\\\$&") | provenance | |
|
||||
| RegExpInjection.js:94:19:94:106 | input.r ... "\\\\$&") | RegExpInjection.js:94:7:94:106 | sanitized | provenance | |
|
||||
| tst.js:5:9:5:29 | data | tst.js:6:21:6:24 | data | provenance | |
|
||||
| tst.js:5:16:5:29 | req.query.data | tst.js:5:9:5:29 | data | provenance | |
|
||||
| tst.js:6:21:6:24 | data | tst.js:6:16:6:35 | "^"+ data.name + "$" | provenance | |
|
||||
@@ -52,78 +52,78 @@ nodes
|
||||
| RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") |
|
||||
| RegExpInjection.js:5:31:5:56 | input | semmle.label | input |
|
||||
| RegExpInjection.js:5:39:5:56 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | semmle.label | "\\\\b" + ... (.*)\\n" |
|
||||
| RegExpInjection.js:8:31:8:33 | key | semmle.label | key |
|
||||
| RegExpInjection.js:10:17:10:17 | s | semmle.label | s |
|
||||
| RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | semmle.label | "\\\\b" + wrap2(s) |
|
||||
| RegExpInjection.js:11:20:11:27 | wrap2(s) | semmle.label | wrap2(s) |
|
||||
| RegExpInjection.js:11:26:11:26 | s | semmle.label | s |
|
||||
| RegExpInjection.js:14:18:14:18 | s | semmle.label | s |
|
||||
| RegExpInjection.js:15:12:15:12 | s | semmle.label | s |
|
||||
| RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | semmle.label | s + "=(.*)\\n" |
|
||||
| RegExpInjection.js:19:14:19:22 | wrap(key) | semmle.label | wrap(key) |
|
||||
| RegExpInjection.js:19:19:19:21 | key | semmle.label | key |
|
||||
| RegExpInjection.js:21:14:21:22 | wrap(key) | semmle.label | wrap(key) |
|
||||
| RegExpInjection.js:21:19:21:21 | key | semmle.label | key |
|
||||
| RegExpInjection.js:24:12:24:27 | req.param("key") | semmle.label | req.param("key") |
|
||||
| RegExpInjection.js:27:14:27:21 | getKey() | semmle.label | getKey() |
|
||||
| RegExpInjection.js:29:21:29:21 | s | semmle.label | s |
|
||||
| RegExpInjection.js:31:23:31:23 | s | semmle.label | s |
|
||||
| RegExpInjection.js:33:12:33:14 | key | semmle.label | key |
|
||||
| RegExpInjection.js:34:12:34:19 | getKey() | semmle.label | getKey() |
|
||||
| RegExpInjection.js:40:23:40:27 | input | semmle.label | input |
|
||||
| RegExpInjection.js:41:26:41:30 | input | semmle.label | input |
|
||||
| RegExpInjection.js:42:25:42:29 | input | semmle.label | input |
|
||||
| RegExpInjection.js:45:24:45:28 | input | semmle.label | input |
|
||||
| RegExpInjection.js:46:27:46:31 | input | semmle.label | input |
|
||||
| RegExpInjection.js:47:26:47:30 | input | semmle.label | input |
|
||||
| RegExpInjection.js:54:14:54:16 | key | semmle.label | key |
|
||||
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | semmle.label | key.split(".") [ArrayElement] |
|
||||
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | semmle.label | key.spl ... x => x) [ArrayElement] |
|
||||
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | semmle.label | key.spl ... in("-") |
|
||||
| RegExpInjection.js:60:31:60:56 | input | semmle.label | input |
|
||||
| RegExpInjection.js:60:39:60:56 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:64:14:64:18 | input | semmle.label | input |
|
||||
| RegExpInjection.js:82:7:82:32 | input | semmle.label | input |
|
||||
| RegExpInjection.js:82:15:82:32 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | semmle.label | "^.*\\.( ... + ")$" |
|
||||
| RegExpInjection.js:87:25:87:29 | input | semmle.label | input |
|
||||
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | semmle.label | input.r ... g, "\|") |
|
||||
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
|
||||
| RegExpInjection.js:91:20:91:30 | process.env | semmle.label | process.env |
|
||||
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
|
||||
| RegExpInjection.js:93:20:93:31 | process.argv | semmle.label | process.argv |
|
||||
| RegExpInjection.js:97:7:97:32 | input | semmle.label | input |
|
||||
| RegExpInjection.js:97:15:97:32 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:99:7:99:106 | sanitized | semmle.label | sanitized |
|
||||
| RegExpInjection.js:99:19:99:23 | input | semmle.label | input |
|
||||
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | semmle.label | input.r ... "\\\\$&") |
|
||||
| RegExpInjection.js:100:14:100:22 | sanitized | semmle.label | sanitized |
|
||||
| RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | semmle.label | "\\\\b" + ... (.*)\\n" |
|
||||
| RegExpInjection.js:7:31:7:33 | key | semmle.label | key |
|
||||
| RegExpInjection.js:9:17:9:17 | s | semmle.label | s |
|
||||
| RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | semmle.label | "\\\\b" + wrap2(s) |
|
||||
| RegExpInjection.js:10:20:10:27 | wrap2(s) | semmle.label | wrap2(s) |
|
||||
| RegExpInjection.js:10:26:10:26 | s | semmle.label | s |
|
||||
| RegExpInjection.js:13:18:13:18 | s | semmle.label | s |
|
||||
| RegExpInjection.js:14:12:14:12 | s | semmle.label | s |
|
||||
| RegExpInjection.js:14:12:14:24 | s + "=(.*)\\n" | semmle.label | s + "=(.*)\\n" |
|
||||
| RegExpInjection.js:17:14:17:22 | wrap(key) | semmle.label | wrap(key) |
|
||||
| RegExpInjection.js:17:19:17:21 | key | semmle.label | key |
|
||||
| RegExpInjection.js:18:14:18:22 | wrap(key) | semmle.label | wrap(key) |
|
||||
| RegExpInjection.js:18:19:18:21 | key | semmle.label | key |
|
||||
| RegExpInjection.js:21:12:21:27 | req.param("key") | semmle.label | req.param("key") |
|
||||
| RegExpInjection.js:23:14:23:21 | getKey() | semmle.label | getKey() |
|
||||
| RegExpInjection.js:25:21:25:21 | s | semmle.label | s |
|
||||
| RegExpInjection.js:26:23:26:23 | s | semmle.label | s |
|
||||
| RegExpInjection.js:28:12:28:14 | key | semmle.label | key |
|
||||
| RegExpInjection.js:29:12:29:19 | getKey() | semmle.label | getKey() |
|
||||
| RegExpInjection.js:35:23:35:27 | input | semmle.label | input |
|
||||
| RegExpInjection.js:36:26:36:30 | input | semmle.label | input |
|
||||
| RegExpInjection.js:37:25:37:29 | input | semmle.label | input |
|
||||
| RegExpInjection.js:40:24:40:28 | input | semmle.label | input |
|
||||
| RegExpInjection.js:41:27:41:31 | input | semmle.label | input |
|
||||
| RegExpInjection.js:42:26:42:30 | input | semmle.label | input |
|
||||
| RegExpInjection.js:49:14:49:16 | key | semmle.label | key |
|
||||
| RegExpInjection.js:49:14:49:27 | key.split(".") [ArrayElement] | semmle.label | key.split(".") [ArrayElement] |
|
||||
| RegExpInjection.js:49:14:49:42 | key.spl ... x => x) [ArrayElement] | semmle.label | key.spl ... x => x) [ArrayElement] |
|
||||
| RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | semmle.label | key.spl ... in("-") |
|
||||
| RegExpInjection.js:55:31:55:56 | input | semmle.label | input |
|
||||
| RegExpInjection.js:55:39:55:56 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:59:14:59:18 | input | semmle.label | input |
|
||||
| RegExpInjection.js:77:7:77:32 | input | semmle.label | input |
|
||||
| RegExpInjection.js:77:15:77:32 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | semmle.label | "^.*\\.( ... + ")$" |
|
||||
| RegExpInjection.js:82:25:82:29 | input | semmle.label | input |
|
||||
| RegExpInjection.js:82:25:82:48 | input.r ... g, "\|") | semmle.label | input.r ... g, "\|") |
|
||||
| RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
|
||||
| RegExpInjection.js:86:20:86:30 | process.env | semmle.label | process.env |
|
||||
| RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
|
||||
| RegExpInjection.js:88:20:88:31 | process.argv | semmle.label | process.argv |
|
||||
| RegExpInjection.js:92:7:92:32 | input | semmle.label | input |
|
||||
| RegExpInjection.js:92:15:92:32 | req.param("input") | semmle.label | req.param("input") |
|
||||
| RegExpInjection.js:94:7:94:106 | sanitized | semmle.label | sanitized |
|
||||
| RegExpInjection.js:94:19:94:23 | input | semmle.label | input |
|
||||
| RegExpInjection.js:94:19:94:106 | input.r ... "\\\\$&") | semmle.label | input.r ... "\\\\$&") |
|
||||
| RegExpInjection.js:95:14:95:22 | sanitized | semmle.label | sanitized |
|
||||
| tst.js:5:9:5:29 | data | semmle.label | data |
|
||||
| tst.js:5:16:5:29 | req.query.data | semmle.label | req.query.data |
|
||||
| tst.js:6:16:6:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" |
|
||||
| tst.js:6:21:6:24 | data | semmle.label | data |
|
||||
subpaths
|
||||
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | RegExpInjection.js:11:20:11:27 | wrap2(s) |
|
||||
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:19:14:19:22 | wrap(key) |
|
||||
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:21:14:21:22 | wrap(key) |
|
||||
| RegExpInjection.js:10:26:10:26 | s | RegExpInjection.js:13:18:13:18 | s | RegExpInjection.js:14:12:14:24 | s + "=(.*)\\n" | RegExpInjection.js:10:20:10:27 | wrap2(s) |
|
||||
| RegExpInjection.js:17:19:17:21 | key | RegExpInjection.js:9:17:9:17 | s | RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:17:14:17:22 | wrap(key) |
|
||||
| RegExpInjection.js:18:19:18:21 | key | RegExpInjection.js:9:17:9:17 | s | RegExpInjection.js:10:12:10:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:18:14:18:22 | wrap(key) |
|
||||
#select
|
||||
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:21:14:21:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:21:14:21:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:27:14:27:21 | getKey() | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:40:23:40:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:23:40:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:41:26:41:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:26:41:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:42:25:42:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:25:42:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:45:24:45:28 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:45:24:45:28 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:46:27:46:31 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:46:27:46:31 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:47:26:47:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:47:26:47:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:64:14:64:18 | input | RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:64:14:64:18 | input | This regular expression is constructed from a $@. | RegExpInjection.js:60:39:60:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:82:15:82:32 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:91:20:91:30 | process.env | environment variable |
|
||||
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:93:20:93:31 | process.argv | command-line argument |
|
||||
| RegExpInjection.js:100:14:100:22 | sanitized | RegExpInjection.js:97:15:97:32 | req.param("input") | RegExpInjection.js:100:14:100:22 | sanitized | This regular expression is constructed from a $@. | RegExpInjection.js:97:15:97:32 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:7:23:7:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:17:14:17:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:17:14:17:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:18:14:18:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:18:14:18:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:23:14:23:21 | getKey() | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:23:14:23:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:26:23:26:23 | s | RegExpInjection.js:21:12:21:27 | req.param("key") | RegExpInjection.js:26:23:26:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:21:12:21:27 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:35:23:35:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:35:23:35:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:36:26:36:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:36:26:36:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:37:25:37:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:37:25:37:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:40:24:40:28 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:24:40:28 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:41:27:41:31 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:27:41:31 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:42:26:42:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:26:42:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:49:14:49:52 | key.spl ... in("-") | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
|
||||
| RegExpInjection.js:59:14:59:18 | input | RegExpInjection.js:55:39:55:56 | req.param("input") | RegExpInjection.js:59:14:59:18 | input | This regular expression is constructed from a $@. | RegExpInjection.js:55:39:55:56 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:77:15:77:32 | req.param("input") | RegExpInjection.js:82:14:82:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:77:15:77:32 | req.param("input") | user-provided value |
|
||||
| RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | RegExpInjection.js:86:20:86:30 | process.env | RegExpInjection.js:86:16:86:50 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:86:20:86:30 | process.env | environment variable |
|
||||
| RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | RegExpInjection.js:88:20:88:31 | process.argv | RegExpInjection.js:88:16:88:49 | `^${pro ... r.app$` | This regular expression is constructed from a $@. | RegExpInjection.js:88:20:88:31 | process.argv | command-line argument |
|
||||
| RegExpInjection.js:95:14:95:22 | sanitized | RegExpInjection.js:92:15:92:32 | req.param("input") | RegExpInjection.js:95:14:95:22 | sanitized | This regular expression is constructed from a $@. | RegExpInjection.js:92:15:92:32 | req.param("input") | user-provided value |
|
||||
| tst.js:6:16:6:35 | "^"+ data.name + "$" | tst.js:5:16:5:29 | req.query.data | tst.js:6:16:6:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:5:16:5:29 | req.query.data | user-provided value |
|
||||
|
||||
@@ -1,49 +1,49 @@
|
||||
edges
|
||||
| server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:18:1:20:1 | functio ... OT OK\\n} | server-crash.js:59:5:59:18 | indirection2() |
|
||||
| server-crash.js:19:3:19:11 | throw 42; | server-crash.js:18:1:20:1 | functio ... OT OK\\n} |
|
||||
| server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... K\\n } |
|
||||
| server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:18:1:20:1 | functio ... rash]\\n} | server-crash.js:59:5:59:18 | indirection2() |
|
||||
| server-crash.js:19:3:19:11 | throw 42; | server-crash.js:18:1:20:1 | functio ... rash]\\n} |
|
||||
| server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... ]\\n } |
|
||||
| server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:59:5:59:18 | indirection2() | server-crash.js:58:23:60:3 | (err, x ... ();\\n } |
|
||||
| server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ... OK\\n } |
|
||||
| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... K\\n } |
|
||||
| server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ... sh]\\n } |
|
||||
| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... ]\\n } |
|
||||
| server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:108:26:110:7 | () => { ... } |
|
||||
| server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:116:26:118:7 | () => { ... } |
|
||||
| server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... K\\n } |
|
||||
| server-crash.js:152:3:154:3 | functio ... OK\\n } | server-crash.js:157:5:157:16 | throwError() |
|
||||
| server-crash.js:152:3:154:3 | functio ... OK\\n } | server-crash.js:160:5:160:16 | throwError() |
|
||||
| server-crash.js:152:3:154:3 | functio ... OK\\n } | server-crash.js:164:3:164:14 | throwError() |
|
||||
| server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:152:3:154:3 | functio ... OK\\n } |
|
||||
| server-crash.js:153:11:153:21 | new Error() | server-crash.js:152:3:154:3 | functio ... OK\\n } |
|
||||
| server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... ]\\n } |
|
||||
| server-crash.js:152:3:154:3 | functio ... sh]\\n } | server-crash.js:157:5:157:16 | throwError() |
|
||||
| server-crash.js:152:3:154:3 | functio ... sh]\\n } | server-crash.js:160:5:160:16 | throwError() |
|
||||
| server-crash.js:152:3:154:3 | functio ... sh]\\n } | server-crash.js:164:3:164:14 | throwError() |
|
||||
| server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:152:3:154:3 | functio ... sh]\\n } |
|
||||
| server-crash.js:153:11:153:21 | new Error() | server-crash.js:152:3:154:3 | functio ... sh]\\n } |
|
||||
| server-crash.js:157:5:157:16 | throwError() | server-crash.js:156:3:158:3 | functio ... ath\\n } |
|
||||
nodes
|
||||
| server-crash.js:14:23:16:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:14:23:16:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:15:5:15:14 | throw err; |
|
||||
| server-crash.js:18:1:20:1 | functio ... OT OK\\n} |
|
||||
| server-crash.js:18:1:20:1 | functio ... rash]\\n} |
|
||||
| server-crash.js:19:3:19:11 | throw 42; |
|
||||
| server-crash.js:23:25:25:5 | (err, x ... K\\n } |
|
||||
| server-crash.js:23:25:25:5 | (err, x ... ]\\n } |
|
||||
| server-crash.js:24:7:24:16 | throw err; |
|
||||
| server-crash.js:35:23:37:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:35:23:37:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:36:5:36:14 | throw err; |
|
||||
| server-crash.js:40:23:42:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:40:23:42:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:41:5:41:14 | throw err; |
|
||||
| server-crash.js:58:23:60:3 | (err, x ... ();\\n } |
|
||||
| server-crash.js:59:5:59:18 | indirection2() |
|
||||
| server-crash.js:87:23:89:3 | (err, x ... OK\\n } |
|
||||
| server-crash.js:87:23:89:3 | (err, x ... sh]\\n } |
|
||||
| server-crash.js:88:5:88:14 | throw err; |
|
||||
| server-crash.js:93:22:95:3 | () => { ... OK\\n } |
|
||||
| server-crash.js:93:22:95:3 | () => { ... sh]\\n } |
|
||||
| server-crash.js:94:5:94:14 | throw "e"; |
|
||||
| server-crash.js:101:24:103:5 | () => { ... K\\n } |
|
||||
| server-crash.js:101:24:103:5 | () => { ... ]\\n } |
|
||||
| server-crash.js:102:7:102:16 | throw "e"; |
|
||||
| server-crash.js:108:26:110:7 | () => { ... } |
|
||||
| server-crash.js:109:9:109:18 | throw "e"; |
|
||||
| server-crash.js:116:26:118:7 | () => { ... } |
|
||||
| server-crash.js:117:9:117:18 | throw "e"; |
|
||||
| server-crash.js:130:25:132:5 | (err, x ... K\\n } |
|
||||
| server-crash.js:130:25:132:5 | (err, x ... ]\\n } |
|
||||
| server-crash.js:131:7:131:16 | throw err; |
|
||||
| server-crash.js:152:3:154:3 | functio ... OK\\n } |
|
||||
| server-crash.js:152:3:154:3 | functio ... sh]\\n } |
|
||||
| server-crash.js:153:5:153:22 | throw new Error(); |
|
||||
| server-crash.js:153:11:153:21 | new Error() |
|
||||
| server-crash.js:156:3:158:3 | functio ... ath\\n } |
|
||||
@@ -51,15 +51,15 @@ nodes
|
||||
| server-crash.js:160:5:160:16 | throwError() |
|
||||
| server-crash.js:164:3:164:14 | throwError() |
|
||||
#select
|
||||
| server-crash.js:15:5:15:14 | throw err; | server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ... OK\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:14:23:16:3 | (err, x ... OK\\n } | asynchronous callback |
|
||||
| server-crash.js:15:5:15:14 | throw err; | server-crash.js:15:5:15:14 | throw err; | server-crash.js:14:23:16:3 | (err, x ... sh]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:14:23:16:3 | (err, x ... sh]\\n } | asynchronous callback |
|
||||
| server-crash.js:19:3:19:11 | throw 42; | server-crash.js:19:3:19:11 | throw 42; | server-crash.js:58:23:60:3 | (err, x ... ();\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:58:23:60:3 | (err, x ... ();\\n } | asynchronous callback |
|
||||
| server-crash.js:24:7:24:16 | throw err; | server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... K\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:23:25:25:5 | (err, x ... K\\n } | asynchronous callback |
|
||||
| server-crash.js:36:5:36:14 | throw err; | server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ... OK\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:35:23:37:3 | (err, x ... OK\\n } | asynchronous callback |
|
||||
| server-crash.js:41:5:41:14 | throw err; | server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ... OK\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:40:23:42:3 | (err, x ... OK\\n } | asynchronous callback |
|
||||
| server-crash.js:88:5:88:14 | throw err; | server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ... OK\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:87:23:89:3 | (err, x ... OK\\n } | asynchronous callback |
|
||||
| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ... OK\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:93:22:95:3 | () => { ... OK\\n } | asynchronous callback |
|
||||
| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... K\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:101:24:103:5 | () => { ... K\\n } | asynchronous callback |
|
||||
| server-crash.js:24:7:24:16 | throw err; | server-crash.js:24:7:24:16 | throw err; | server-crash.js:23:25:25:5 | (err, x ... ]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:23:25:25:5 | (err, x ... ]\\n } | asynchronous callback |
|
||||
| server-crash.js:36:5:36:14 | throw err; | server-crash.js:36:5:36:14 | throw err; | server-crash.js:35:23:37:3 | (err, x ... sh]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:35:23:37:3 | (err, x ... sh]\\n } | asynchronous callback |
|
||||
| server-crash.js:41:5:41:14 | throw err; | server-crash.js:41:5:41:14 | throw err; | server-crash.js:40:23:42:3 | (err, x ... sh]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:40:23:42:3 | (err, x ... sh]\\n } | asynchronous callback |
|
||||
| server-crash.js:88:5:88:14 | throw err; | server-crash.js:88:5:88:14 | throw err; | server-crash.js:87:23:89:3 | (err, x ... sh]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:39:25:85:1 | (req, r ... e) {}\\n} | this route handler | server-crash.js:87:23:89:3 | (err, x ... sh]\\n } | asynchronous callback |
|
||||
| server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:94:5:94:14 | throw "e"; | server-crash.js:93:22:95:3 | () => { ... sh]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:93:22:95:3 | () => { ... sh]\\n } | asynchronous callback |
|
||||
| server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:102:7:102:16 | throw "e"; | server-crash.js:101:24:103:5 | () => { ... ]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:101:24:103:5 | () => { ... ]\\n } | asynchronous callback |
|
||||
| server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:109:9:109:18 | throw "e"; | server-crash.js:108:26:110:7 | () => { ... } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:108:26:110:7 | () => { ... } | asynchronous callback |
|
||||
| server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:117:9:117:18 | throw "e"; | server-crash.js:116:26:118:7 | () => { ... } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:92:31:120:1 | (req, r ... });\\n} | this route handler | server-crash.js:116:26:118:7 | () => { ... } | asynchronous callback |
|
||||
| server-crash.js:131:7:131:16 | throw err; | server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... K\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:128:32:135:1 | async ( ... un();\\n} | this route handler | server-crash.js:130:25:132:5 | (err, x ... K\\n } | asynchronous callback |
|
||||
| server-crash.js:131:7:131:16 | throw err; | server-crash.js:131:7:131:16 | throw err; | server-crash.js:130:25:132:5 | (err, x ... ]\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:128:32:135:1 | async ( ... un();\\n} | this route handler | server-crash.js:130:25:132:5 | (err, x ... ]\\n } | asynchronous callback |
|
||||
| server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:153:5:153:22 | throw new Error(); | server-crash.js:156:3:158:3 | functio ... ath\\n } | The server of $@ will terminate when an uncaught exception from this location escapes an $@. | server-crash.js:151:40:166:1 | (req, r ... nc();\\n} | this route handler | server-crash.js:161:16:161:17 | cb | asynchronous callback |
|
||||
|
||||
@@ -1,38 +1,38 @@
|
||||
edges
|
||||
| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | provenance | |
|
||||
| closure.js:2:7:2:36 | src | closure.js:3:24:3:26 | src | provenance | |
|
||||
| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:5:37:5:39 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:9:55:9:57 | src | provenance | |
|
||||
| domparser.js:2:7:2:36 | src | domparser.js:11:57:11:59 | src | provenance | |
|
||||
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | |
|
||||
| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | provenance | |
|
||||
| jquery.js:2:7:2:36 | src | jquery.js:4:14:4:16 | src | provenance | |
|
||||
| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | provenance | |
|
||||
nodes
|
||||
| closure.js:2:7:2:36 | src | semmle.label | src |
|
||||
| closure.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| closure.js:4:24:4:26 | src | semmle.label | src |
|
||||
| closure.js:3:24:3:26 | src | semmle.label | src |
|
||||
| domparser.js:2:7:2:36 | src | semmle.label | src |
|
||||
| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| domparser.js:6:37:6:39 | src | semmle.label | src |
|
||||
| domparser.js:11:55:11:57 | src | semmle.label | src |
|
||||
| domparser.js:14:57:14:59 | src | semmle.label | src |
|
||||
| domparser.js:5:37:5:39 | src | semmle.label | src |
|
||||
| domparser.js:9:55:9:57 | src | semmle.label | src |
|
||||
| domparser.js:11:57:11:59 | src | semmle.label | src |
|
||||
| expat.js:6:16:6:36 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| jquery.js:2:7:2:36 | src | semmle.label | src |
|
||||
| jquery.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
|
||||
| jquery.js:5:14:5:16 | src | semmle.label | src |
|
||||
| libxml.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| jquery.js:4:14:4:16 | src | semmle.label | src |
|
||||
| libxml.js:5:21:5:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
|
||||
subpaths
|
||||
#select
|
||||
| closure.js:4:24:4:26 | src | closure.js:2:13:2:36 | documen ... .search | closure.js:4:24:4:26 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | closure.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:6:37:6:39 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:6:37:6:39 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| closure.js:3:24:3:26 | src | closure.js:2:13:2:36 | documen ... .search | closure.js:3:24:3:26 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | closure.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:5:37:5:39 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:5:37:5:39 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:9:55:9:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:9:55:9:57 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| domparser.js:11:57:11:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:57:11:59 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | expat.js:6:16:6:36 | req.par ... e-xml") | user-provided value |
|
||||
| jquery.js:5:14:5:16 | src | jquery.js:2:13:2:36 | documen ... .search | jquery.js:5:14:5:16 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | jquery.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | user-provided value |
|
||||
| jquery.js:4:14:4:16 | src | jquery.js:2:13:2:36 | documen ... .search | jquery.js:4:14:4:16 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | jquery.js:2:13:2:36 | documen ... .search | user-provided value |
|
||||
| libxml.js:5:21:5:41 | req.par ... e-xml") | libxml.js:5:21:5:41 | req.par ... e-xml") | libxml.js:5:21:5:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.js:5:21:5:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.noent.js:5:21:5:41 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | user-provided value |
|
||||
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | user-provided value |
|
||||
|
||||
@@ -18,7 +18,7 @@ nodes
|
||||
| example_bypass.js:6:9:6:19 | req.cookies | semmle.label | req.cookies |
|
||||
| example_bypass.js:6:9:6:34 | req.coo ... nUserId | semmle.label | req.coo ... nUserId |
|
||||
| example_bypass.js:6:40:6:56 | req.params.userId | semmle.label | req.params.userId |
|
||||
| example_bypass.js:17:46:17:62 | req.params.userId | semmle.label | req.params.userId |
|
||||
| example_bypass.js:16:46:16:62 | req.params.userId | semmle.label | req.params.userId |
|
||||
| tst.js:9:8:9:26 | req.params.shutDown | semmle.label | req.params.shutDown |
|
||||
| tst.js:13:9:13:19 | req.cookies | semmle.label | req.cookies |
|
||||
| tst.js:13:9:13:30 | req.coo ... inThing | semmle.label | req.coo ... inThing |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
| DynamicCreationOfUntrustedSourceUse.html:19:28:19:129 | ('https ... /ga.js' | Script loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:23:26:23:50 | 'http:/ ... e.com/' | Iframe loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:34:27:34:40 | getUrl('v123') | Iframe loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:38:41:38:76 | 'http:/ ... e.html' | Iframe loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:18:28:18:129 | ('https ... /ga.js' | Script loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:21:26:21:50 | 'http:/ ... e.com/' | Iframe loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:31:27:31:40 | getUrl('v123') | Iframe loaded using unencrypted connection. |
|
||||
| DynamicCreationOfUntrustedSourceUse.html:34:41:34:76 | 'http:/ ... e.html' | Iframe loaded using unencrypted connection. |
|
||||
| StaticCreationOfUntrustedSourceUse.html:6:9:6:56 | <script>...</> | Script loaded using unencrypted connection. |
|
||||
| StaticCreationOfUntrustedSourceUse.html:9:9:9:58 | <iframe>...</> | Iframe loaded using unencrypted connection. |
|
||||
| StaticCreationOfUntrustedSourceUse.html:21:9:21:155 | <script>...</> | Script loaded from content delivery network with no integrity check. |
|
||||
| StaticCreationOfUntrustedSourceUse.html:20:9:20:155 | <script>...</> | Script loaded from content delivery network with no integrity check. |
|
||||
|
||||
@@ -14,10 +14,10 @@ edges
|
||||
| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | provenance | |
|
||||
| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | |
|
||||
| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | |
|
||||
| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... K\\n } [foo] | provenance | |
|
||||
| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... t\\n } [foo] | provenance | |
|
||||
| tst.js:8:5:8:7 | foo | tst.js:17:7:17:9 | foo | provenance | |
|
||||
| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:10:14:10:14 | f [foo] | provenance | |
|
||||
| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:11:9:11:11 | foo | provenance | |
|
||||
| tst.js:10:5:12:5 | functio ... t\\n } [foo] | tst.js:10:14:10:14 | f [foo] | provenance | |
|
||||
| tst.js:10:5:12:5 | functio ... t\\n } [foo] | tst.js:11:9:11:11 | foo | provenance | |
|
||||
| tst.js:10:14:10:14 | f [foo] | tst.js:39:12:39:12 | f [foo] | provenance | |
|
||||
| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | provenance | |
|
||||
| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | provenance | |
|
||||
@@ -43,7 +43,7 @@ nodes
|
||||
| tst.js:6:5:6:7 | foo | semmle.label | foo |
|
||||
| tst.js:8:5:8:7 | foo | semmle.label | foo |
|
||||
| tst.js:8:5:8:7 | foo | semmle.label | foo |
|
||||
| tst.js:10:5:12:5 | functio ... K\\n } [foo] | semmle.label | functio ... K\\n } [foo] |
|
||||
| tst.js:10:5:12:5 | functio ... t\\n } [foo] | semmle.label | functio ... t\\n } [foo] |
|
||||
| tst.js:10:14:10:14 | f [foo] | semmle.label | f [foo] |
|
||||
| tst.js:11:9:11:11 | foo | semmle.label | foo |
|
||||
| tst.js:14:16:14:18 | bar | semmle.label | bar |
|
||||
|
||||
@@ -4,12 +4,12 @@ nodes
|
||||
| angularmerge.js:2:32:2:36 | event | semmle.label | event |
|
||||
| angularmerge.js:2:32:2:41 | event.data | semmle.label | event.data |
|
||||
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | semmle.label | req.query.foo |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... t\\n } | semmle.label | {\\n ... t\\n } |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | semmle.label | req.query.value |
|
||||
| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | semmle.label | opts [thing] |
|
||||
| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | semmle.label | {\\n ... e\\n } [thing] |
|
||||
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | semmle.label | req.query.value |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... t\\n } | semmle.label | {\\n ... t\\n } |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | semmle.label | opts [thing] |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | semmle.label | opts.thing |
|
||||
| webix/webix.html:3:34:3:38 | event | semmle.label | event |
|
||||
@@ -30,12 +30,12 @@ edges
|
||||
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | provenance | |
|
||||
| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | provenance | |
|
||||
| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | provenance | Config |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... t\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... t\\n } | provenance | |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | provenance | |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | provenance | |
|
||||
| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | provenance | |
|
||||
@@ -52,8 +52,8 @@ subpaths
|
||||
#select
|
||||
| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | user-controlled value | angularmerge.js:2:3:2:43 | angular ... .data)) | angular |
|
||||
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... t\\n } | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... t\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... t\\n } | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... t\\n } | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash |
|
||||
| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | webix/webix.html:3:34:3:38 | event | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.html:3:34:3:38 | event | user-controlled value | webix/webix.html:4:9:4:48 | webix.e ... .data)) | webix |
|
||||
| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | webix/webix.html:3:34:3:38 | event | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.html:3:34:3:38 | event | user-controlled value | webix/webix.html:5:9:5:46 | webix.c ... .data)) | webix |
|
||||
| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | webix/webix.js:3:30:3:34 | event | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | webix/webix.js:3:30:3:34 | event | user-controlled value | webix/webix.js:4:5:4:44 | webix.e ... .data)) | webix |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:2:1:2:9 | while(c ... reak;\\n} | This loop executes at most once. |
|
||||
| tst.js:13:3:13:29 | for (; ... et;\\n } | This loop executes at most once. |
|
||||
| tst.js:1:1:1:20 | while(c ... reak;\\n} | This loop executes at most once. |
|
||||
| tst.js:11:3:11:29 | for (; ... et;\\n } | This loop executes at most once. |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:3:2:3:11 | if (foo ... n true; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:2:1:5:1 | functio ... true;\\n} | Function f | tst.js:4:3:4:14 | return true; | elsewhere |
|
||||
| tst.js:101:2:101:11 | if (foo ... n true; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:100:9:103:1 | functio ... true;\\n} | Function u | tst.js:102:3:102:14 | return true; | elsewhere |
|
||||
| tst.js:107:2:107:7 | if (b)\\n\\t\\treturn 1; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:106:1:109:1 | functio ... rn 1;\\n} | Function v | tst.js:108:3:108:11 | return 1; | elsewhere |
|
||||
| tst.js:2:2:2:11 | if (foo ... n true; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:1:1:4:1 | functio ... true;\\n} | Function f | tst.js:3:3:3:14 | return true; | elsewhere |
|
||||
| tst.js:99:2:99:11 | if (foo ... n true; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:98:9:101:1 | functio ... true;\\n} | Function u | tst.js:100:3:100:14 | return true; | elsewhere |
|
||||
| tst.js:104:2:104:7 | if (b)\\n\\t\\treturn 1; | $@ may implicitly return 'undefined' here, while $@ an explicit value is returned. | tst.js:103:1:106:1 | functio ... rn 1;\\n} | Function v | tst.js:105:3:105:11 | return 1; | elsewhere |
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| tst.js:6:1:7:1 | for (j ... -j) {\\n} | This loop counts downward, but its variable is bounded upward. |
|
||||
| tst.js:10:1:11:1 | for (va ... ++) {\\n} | This loop counts upward, but its variable is bounded downward. |
|
||||
| tst.js:18:1:19:13 | for (i= ... i] = 0; | This loop counts downward, but its variable is bounded upward. |
|
||||
| tst.js:5:1:6:1 | for (j ... Alert\\n} | This loop counts downward, but its variable is bounded upward. |
|
||||
| tst.js:8:1:9:1 | for (va ... Alert\\n} | This loop counts upward, but its variable is bounded downward. |
|
||||
| tst.js:15:1:16:13 | for (i= ... i] = 0; | This loop counts downward, but its variable is bounded upward. |
|
||||
|
||||
@@ -1 +1 @@
|
||||
| tst.js:3:16:3:18 | i>5 | Nested for statement uses loop variable $@ of enclosing $@. | tst.js:3:23:3:23 | i | i | tst.js:1:1:9:1 | for (va ... , k);\\n} | for statement |
|
||||
| tst.js:2:16:2:18 | i>5 | Nested for statement uses loop variable $@ of enclosing $@. | tst.js:2:23:2:23 | i | i | tst.js:1:1:8:1 | for (va ... , k);\\n} | for statement |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.js:3:2:3:15 | return x = 23; | The assignment to x is useless, since it is a local variable and will go out of scope. |
|
||||
| tst.js:9:2:9:15 | return x = 23; | The assignment to x is useless, since it is a local variable and will go out of scope. |
|
||||
| tst.js:2:2:2:15 | return x = 23; | The assignment to x is useless, since it is a local variable and will go out of scope. |
|
||||
| tst.js:7:2:7:15 | return x = 23; | The assignment to x is useless, since it is a local variable and will go out of scope. |
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
| tst.html:9:66:9:78 | return false; | Return statement outside function. |
|
||||
| tst.js:2:1:2:10 | return 42; | Return statement outside function. |
|
||||
| tst.js:1:1:1:10 | return 42; | Return statement outside function. |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
| tst.js:4:7:4:11 | let x | For loop variable x is not used in the loop body. |
|
||||
| tst.js:138:6:138:23 | const [key, value] | For loop variable value is not used in the loop body. |
|
||||
| tst.js:151:6:151:35 | const [ ... value] | For loop variable value is not used in the loop body. |
|
||||
| tst.js:152:6:152:10 | let i | For loop variable i is not used in the loop body. |
|
||||
| tst.js:3:7:3:11 | let x | For loop variable x is not used in the loop body. |
|
||||
| tst.js:136:6:136:23 | const [key, value] | For loop variable value is not used in the loop body. |
|
||||
| tst.js:148:6:148:35 | const [ ... value] | For loop variable value is not used in the loop body. |
|
||||
| tst.js:149:6:149:10 | let i | For loop variable i is not used in the loop body. |
|
||||
|
||||
Reference in New Issue
Block a user