mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
add more steps to the SplitPath label
This commit is contained in:
Erik Krogh Kristensen
@@ -116,13 +116,38 @@ module TaintedPath {
|
||||
name = "pop" or
|
||||
name = "shift" or
|
||||
name = "slice" or
|
||||
name = "splice"
|
||||
name = "splice" or
|
||||
name = "concat"
|
||||
) and
|
||||
dstlabel instanceof Label::SplitPath and
|
||||
srclabel instanceof Label::SplitPath
|
||||
or
|
||||
name = "join" and
|
||||
mcn.getArgument(0).mayHaveStringValue("/") and
|
||||
mcn.getArgument(0).mayHaveStringValue("/") and
|
||||
srclabel instanceof Label::SplitPath and
|
||||
dstlabel.(Label::PosixPath).canContainDotDotSlash()
|
||||
)
|
||||
or
|
||||
// prefix.concat(path)
|
||||
exists(DataFlow::MethodCallNode mcn |
|
||||
mcn.getMethodName() = "concat" and mcn.getAnArgument() = src
|
||||
|
|
||||
dst = mcn and
|
||||
dstlabel instanceof Label::SplitPath and
|
||||
srclabel instanceof Label::SplitPath
|
||||
)
|
||||
or
|
||||
// reading unknown property of split path
|
||||
exists(DataFlow::PropRead read | read = dst |
|
||||
src = read.getBase() and
|
||||
not read.getPropertyName() = "length" and
|
||||
not exists(read.getPropertyNameExpr().getIntValue()) and
|
||||
// split[split.length - 1]
|
||||
not exists(BinaryExpr binop |
|
||||
read.getPropertyNameExpr() = binop and
|
||||
binop.getAnOperand().getIntValue() = 1 and
|
||||
binop.getAnOperand().(PropAccess).getPropertyName() = "length"
|
||||
) and
|
||||
srclabel instanceof Label::SplitPath and
|
||||
dstlabel.(Label::PosixPath).canContainDotDotSlash()
|
||||
)
|
||||
|
||||
@@ -887,6 +887,225 @@ nodes
|
||||
| TaintedPath.js:121:23:121:26 | path |
|
||||
| TaintedPath.js:121:23:121:26 | path |
|
||||
| TaintedPath.js:121:23:121:26 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:24:126:30 | req.url |
|
||||
| TaintedPath.js:126:24:126:30 | req.url |
|
||||
| TaintedPath.js:126:24:126:30 | req.url |
|
||||
| TaintedPath.js:126:24:126:30 | req.url |
|
||||
| TaintedPath.js:126:24:126:30 | req.url |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| normalizedPaths.js:11:7:11:27 | path |
|
||||
| normalizedPaths.js:11:7:11:27 | path |
|
||||
| normalizedPaths.js:11:7:11:27 | path |
|
||||
@@ -1631,6 +1850,64 @@ nodes
|
||||
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:24:18:24:21 | path |
|
||||
| tainted-string-steps.js:24:18:24:21 | path |
|
||||
| tainted-string-steps.js:24:18:24:21 | path |
|
||||
@@ -3194,6 +3471,290 @@ edges
|
||||
| TaintedPath.js:119:23:119:29 | req.url | TaintedPath.js:119:13:119:36 | url.par ... , true) |
|
||||
| TaintedPath.js:119:23:119:29 | req.url | TaintedPath.js:119:13:119:36 | url.par ... , true) |
|
||||
| TaintedPath.js:119:23:119:29 | req.url | TaintedPath.js:119:13:119:36 | url.par ... , true) |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted |
|
||||
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 |
|
||||
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") |
|
||||
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
|
||||
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
|
||||
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
|
||||
@@ -3793,6 +4354,30 @@ edges
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
|
||||
| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path |
|
||||
@@ -4193,6 +4778,62 @@ edges
|
||||
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] |
|
||||
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
|
||||
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
|
||||
| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") |
|
||||
@@ -4370,6 +5011,12 @@ edges
|
||||
| TaintedPath.js:109:28:109:48 | fs.real ... c(path) | TaintedPath.js:107:23:107:29 | req.url | TaintedPath.js:109:28:109:48 | fs.real ... c(path) | This path depends on $@. | TaintedPath.js:107:23:107:29 | req.url | a user-provided value |
|
||||
| TaintedPath.js:112:45:112:52 | realpath | TaintedPath.js:107:23:107:29 | req.url | TaintedPath.js:112:45:112:52 | realpath | This path depends on $@. | TaintedPath.js:107:23:107:29 | req.url | a user-provided value |
|
||||
| TaintedPath.js:121:23:121:26 | path | TaintedPath.js:119:23:119:29 | req.url | TaintedPath.js:121:23:121:26 | path | This path depends on $@. | TaintedPath.js:119:23:119:29 | req.url | a user-provided value |
|
||||
| TaintedPath.js:128:19:128:22 | path | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:128:19:128:22 | path | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| TaintedPath.js:132:19:132:33 | split.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:132:19:132:33 | split.join("/") | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| TaintedPath.js:136:19:136:26 | split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:136:19:136:26 | split[x] | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| TaintedPath.js:137:19:137:35 | prefix + split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:137:19:137:35 | prefix + split[x] | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| TaintedPath.js:140:19:140:37 | concatted.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:140:19:140:37 | concatted.join("/") | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| TaintedPath.js:143:19:143:38 | concatted2.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:143:19:143:38 | concatted2.join("/") | This path depends on $@. | TaintedPath.js:126:24:126:30 | req.url | a user-provided value |
|
||||
| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
|
||||
| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
|
||||
@@ -4426,6 +5073,8 @@ edges
|
||||
| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on $@. | tainted-string-steps.js:6:24:6:30 | req.url | a user-provided value |
|
||||
|
||||
@@ -121,3 +121,25 @@ var server = http.createServer(function(req, res) {
|
||||
require('send')(req, path); // NOT OK
|
||||
|
||||
});
|
||||
|
||||
var server = http.createServer(function(req, res) {
|
||||
let path = url.parse(req.url, true).query.path;
|
||||
|
||||
fs.readFileSync(path); // NOT OK
|
||||
|
||||
var split = path.split("/");
|
||||
|
||||
fs.readFileSync(split.join("/")); // NOT OK
|
||||
|
||||
fs.readFileSync(prefix + split[split.length - 1]) // OK
|
||||
|
||||
fs.readFileSync(split[x]) // NOT OK
|
||||
fs.readFileSync(prefix + split[x]) // NOT OK
|
||||
|
||||
var concatted = prefix.concat(split);
|
||||
fs.readFileSync(concatted.join("/")); // NOT OK
|
||||
|
||||
var concatted2 = split.concat(prefix);
|
||||
fs.readFileSync(concatted2.join("/")); // NOT OK
|
||||
|
||||
});
|
||||
@@ -17,14 +17,15 @@ var server = http.createServer(function(req, res) {
|
||||
fs.readFileSync(path.trim()); // NOT OK
|
||||
fs.readFileSync(path.toLowerCase()); // NOT OK
|
||||
|
||||
fs.readFileSync(path.split('/')); // OK -- for now
|
||||
fs.readFileSync(path.split('/')); // OK (readFile throws an exception when the filename is an array)
|
||||
fs.readFileSync(path.split('/')[0]); // OK -- for now
|
||||
fs.readFileSync(path.split('/')[i]); // OK -- for now
|
||||
fs.readFileSync(path.split(/\//)[i]); // OK -- for now
|
||||
fs.readFileSync(path.split('/')[i]); // NOT OK
|
||||
fs.readFileSync(path.split(/\//)[i]); // NOT OK
|
||||
fs.readFileSync(path.split("?")[0]); // NOT OK
|
||||
fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged
|
||||
fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged
|
||||
fs.readFileSync(path.split(unknown)); // NOT OK
|
||||
fs.readFileSync(path.split("?")[i]); // NOT OK -- but not yet flagged
|
||||
});
|
||||
|
||||
server.listen();
|
||||
|
||||
Reference in New Issue
Block a user