aegilops
2025-01-23 17:00:56 +00:00
1407 changed files with 112486 additions and 49200 deletions


@@ -1,28 +1,29 @@
| tst-IncompleteHostnameRegExp.js:3:3:3:28 | ^http:\\/\\/test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:3:2:3:29 | /^http: ... le.com/ | here |
| tst-IncompleteHostnameRegExp.js:5:3:5:28 | ^http:\\/\\/test.example.net | This regular expression has an unescaped '.' before 'example.net', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:5:2:5:29 | /^http: ... le.net/ | here |
| tst-IncompleteHostnameRegExp.js:6:3:6:42 | ^http:\\/\\/test.(example-a\|example-b).com | This regular expression has an unescaped '.' before '(example-a\|example-b).com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:6:2:6:43 | /^http: ... b).com/ | here |
| tst-IncompleteHostnameRegExp.js:7:3:7:30 | ^http:\\/\\/(.+).example.com\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:7:2:7:31 | /^http: ... .com\\// | here |
| tst-IncompleteHostnameRegExp.js:7:3:7:30 | ^http:\\/\\/(.+).example.com\\/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example.com' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:7:2:7:31 | /^http: ... .com\\// | here |
| tst-IncompleteHostnameRegExp.js:10:3:10:36 | ^http:\\/\\/test.example.com\\/(?:.*) | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:10:2:10:37 | /^http: ... (?:.*)/ | here |
| tst-IncompleteHostnameRegExp.js:11:14:11:37 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:11:13:11:38 | "^http: ... le.com" | here |
| tst-IncompleteHostnameRegExp.js:12:15:12:38 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:12:14:12:39 | "^http: ... le.com" | here |
| tst-IncompleteHostnameRegExp.js:15:23:15:46 | ^http://test.example.com | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:15:13:15:50 | id(id(i ... com"))) | here |
| tst-IncompleteHostnameRegExp.js:19:18:19:34 | ^test.example.com | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:20:13:20:26 | `${hostname}$` | here |
| tst-IncompleteHostnameRegExp.js:22:28:22:44 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:23:13:23:27 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:28:24:28:40 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:26:21:26:35 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:30:31:30:47 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:32:21:32:35 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:37:3:37:53 | ^(https?:)?\\/\\/((service\|www).)?example.com(?=$\|\\/) | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:37:2:37:54 | /^(http ... =$\|\\/)/ | here |
| tst-IncompleteHostnameRegExp.js:38:3:38:43 | ^(http\|https):\\/\\/www.example.com\\/p\\/f\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:38:2:38:44 | /^(http ... p\\/f\\// | here |
| tst-IncompleteHostnameRegExp.js:39:5:39:30 | http:\\/\\/sub.example.com\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:39:2:39:33 | /^(http ... om\\/)/g | here |
| tst-IncompleteHostnameRegExp.js:40:3:40:29 | ^https?:\\/\\/api.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:40:2:40:30 | /^https ... le.com/ | here |
| tst-IncompleteHostnameRegExp.js:41:42:41:48 | ^https?://.+\\.example\\.com/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example\\.com/' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:41:13:41:71 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:43:3:43:32 | ^https:\\/\\/[a-z]*.example.com$ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:43:2:43:33 | /^https ... e.com$/ | here |
| tst-IncompleteHostnameRegExp.js:44:32:44:45 | .+.example.net | This regular expression has an unescaped '.' before 'example.net', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:44:9:44:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:44:47:44:62 | .+.example-a.com | This regular expression has an unescaped '.' before 'example-a.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:44:9:44:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:44:64:44:79 | .+.example-b.com | This regular expression has an unescaped '.' before 'example-b.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:44:9:44:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:48:42:48:47 | ^https?://.+.example\\.com/ | This regular expression has an unescaped '.' before 'example\\.com/', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:48:13:48:69 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:48:42:48:47 | ^https?://.+.example\\.com/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example\\.com/' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:48:13:48:69 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:53:14:53:35 | test.example.com$ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:53:13:53:36 | 'test.' ... e.com$' | here |
| tst-IncompleteHostnameRegExp.js:55:14:55:38 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:55:13:55:39 | '^http: ... le.com' | here |
| tst-IncompleteHostnameRegExp.js:59:5:59:20 | foo.example\\.com | This regular expression has an unescaped '.' before 'example\\.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:59:2:59:32 | /^(foo. ... ever)$/ | here |
| tst-IncompleteHostnameRegExp.js:61:18:61:41 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:61:17:61:42 | "^http: ... le.com" | here |
| tst-IncompleteHostnameRegExp.js:6:3:6:28 | ^http:\\/\\/test.example.net | This regular expression has an unescaped '.' before 'example.net', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:6:2:6:29 | /^http: ... le.net/ | here |
| tst-IncompleteHostnameRegExp.js:7:3:7:42 | ^http:\\/\\/test.(example-a\|example-b).com | This regular expression has an unescaped '.' before '(example-a\|example-b).com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:7:2:7:43 | /^http: ... b).com/ | here |
| tst-IncompleteHostnameRegExp.js:8:3:8:30 | ^http:\\/\\/(.+).example.com\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:8:2:8:31 | /^http: ... .com\\// | here |
| tst-IncompleteHostnameRegExp.js:8:3:8:30 | ^http:\\/\\/(.+).example.com\\/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example.com' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:8:2:8:31 | /^http: ... .com\\// | here |
| tst-IncompleteHostnameRegExp.js:10:3:10:39 | ^http:\\/\\/(?:.+)\\.test\\.example.com\\/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example.com' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:10:2:10:40 | /^http: ... .com\\// | here |
| tst-IncompleteHostnameRegExp.js:11:3:11:36 | ^http:\\/\\/test.example.com\\/(?:.*) | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:11:2:11:37 | /^http: ... (?:.*)/ | here |
| tst-IncompleteHostnameRegExp.js:12:14:12:37 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:12:13:12:38 | "^http: ... le.com" | here |
| tst-IncompleteHostnameRegExp.js:13:15:13:38 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:13:14:13:39 | "^http: ... le.com" | here |
| tst-IncompleteHostnameRegExp.js:16:23:16:46 | ^http://test.example.com | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:16:13:16:50 | id(id(i ... com"))) | here |
| tst-IncompleteHostnameRegExp.js:20:18:20:34 | ^test.example.com | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:21:13:21:26 | `${hostname}$` | here |
| tst-IncompleteHostnameRegExp.js:23:28:23:44 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:24:13:24:27 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:29:24:29:40 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:27:21:27:35 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:31:31:31:47 | test.example.com$ | This string, which is used as a regular expression $@, has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:33:21:33:35 | domain.hostname | here |
| tst-IncompleteHostnameRegExp.js:38:3:38:53 | ^(https?:)?\\/\\/((service\|www).)?example.com(?=$\|\\/) | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:38:2:38:54 | /^(http ... =$\|\\/)/ | here |
| tst-IncompleteHostnameRegExp.js:39:3:39:43 | ^(http\|https):\\/\\/www.example.com\\/p\\/f\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:39:2:39:44 | /^(http ... p\\/f\\// | here |
| tst-IncompleteHostnameRegExp.js:40:5:40:30 | http:\\/\\/sub.example.com\\/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:40:2:40:33 | /^(http ... om\\/)/g | here |
| tst-IncompleteHostnameRegExp.js:41:3:41:29 | ^https?:\\/\\/api.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:41:2:41:30 | /^https ... le.com/ | here |
| tst-IncompleteHostnameRegExp.js:42:42:42:48 | ^https?://.+\\.example\\.com/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example\\.com/' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:42:13:42:71 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:44:3:44:32 | ^https:\\/\\/[a-z]*.example.com$ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:44:2:44:33 | /^https ... e.com$/ | here |
| tst-IncompleteHostnameRegExp.js:45:32:45:45 | .+.example.net | This regular expression has an unescaped '.' before 'example.net', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:45:9:45:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:45:47:45:62 | .+.example-a.com | This regular expression has an unescaped '.' before 'example-a.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:45:9:45:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:45:64:45:79 | .+.example-b.com | This regular expression has an unescaped '.' before 'example-b.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:45:9:45:101 | '^proto ... ernal)' | here |
| tst-IncompleteHostnameRegExp.js:49:42:49:47 | ^https?://.+.example\\.com/ | This regular expression has an unescaped '.' before 'example\\.com/', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:49:13:49:69 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:49:42:49:47 | ^https?://.+.example\\.com/ | This regular expression has an unrestricted wildcard '.+' which may cause 'example\\.com/' to be matched anywhere in the URL, outside the hostname. | tst-IncompleteHostnameRegExp.js:49:13:49:69 | '^http: ... \\.com/' | here |
| tst-IncompleteHostnameRegExp.js:54:14:54:35 | test.example.com$ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:54:13:54:36 | 'test.' ... e.com$' | here |
| tst-IncompleteHostnameRegExp.js:56:14:56:38 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:56:13:56:39 | '^http: ... le.com' | here |
| tst-IncompleteHostnameRegExp.js:60:5:60:20 | foo.example\\.com | This regular expression has an unescaped '.' before 'example\\.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:60:2:60:32 | /^(foo. ... ever)$/ | here |
| tst-IncompleteHostnameRegExp.js:62:18:62:41 | ^http://test.example.com | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. | tst-IncompleteHostnameRegExp.js:62:17:62:42 | "^http: ... le.com" | here |


@@ -1 +1,2 @@
Security/CWE-020/IncompleteHostnameRegExp.ql
query: Security/CWE-020/IncompleteHostnameRegExp.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -1,62 +1,63 @@
(function() {
/^http:\/\/example.com/; // OK
/^http:\/\/test.example.com/; // NOT OK
/^http:\/\/test\\.example.com/; // OK
/^http:\/\/test.example.net/; // NOT OK
/^http:\/\/test.(example-a|example-b).com/; // NOT OK
/^http:\/\/(.+).example.com\//; // NOT OK
/^http:\/\/(\\.+)\\.example.com/; // OK
/^http:\/\/(?:.+)\\.test\\.example.com\//; // NOT OK
/^http:\/\/test.example.com\/(?:.*)/; // OK
new RegExp("^http://test.example.com"); // NOT OK
if (s.match("^http://test.example.com")) {} // NOT OK
/^http:\/\/example.com/;
/^http:\/\/test.example.com/; // $ Alert
/^http:\/\/test\.example.com/; // OK - escaped dot
/^http:\/\/test\\.example.com/; // OK - contains actual backslash, so not really a hostname
/^http:\/\/test.example.net/; // $ Alert
/^http:\/\/test.(example-a|example-b).com/; // $ Alert
/^http:\/\/(.+).example.com\//; // $ Alert
/^http:\/\/(\.+)\.example.com/;
/^http:\/\/(?:.+)\.test\.example.com\//; // $ Alert
/^http:\/\/test.example.com\/(?:.*)/; // $ Alert
new RegExp("^http://test.example.com"); // $ Alert
if (s.match("^http://test.example.com")) {} // $ Alert
function id(e) { return e; }
new RegExp(id(id(id("^http://test.example.com")))); // NOT OK
new RegExp(id(id(id("^http://test.example.com")))); // $ Alert
new RegExp(`test.example.com$`); // NOT OK
new RegExp(`test.example.com$`); // $ MISSING: Alert
let hostname = '^test.example.com'; // NOT OK
let hostname = '^test.example.com'; // $ Alert
new RegExp(`${hostname}$`);
let domain = { hostname: 'test.example.com$' }; // NOT OK
let domain = { hostname: 'test.example.com$' }; // $ Alert
new RegExp(domain.hostname);
function convert1(domain) {
return new RegExp(domain.hostname);
}
convert1({ hostname: 'test.example.com$' }); // NOT OK
convert1({ hostname: 'test.example.com$' }); // $ Alert
let domains = [ { hostname: 'test.example.com$' } ]; // NOT OK
let domains = [ { hostname: 'test.example.com$' } ]; // $ Alert
function convert2(domain) {
return new RegExp(domain.hostname);
}
domains.map(d => convert2(d));
/^(.+\.(?:example-a|example-b)\.com)\//; // NOT OK
/^(https?:)?\/\/((service|www).)?example.com(?=$|\/)/; // NOT OK
/^(http|https):\/\/www.example.com\/p\/f\//; // NOT OK
/^(http:\/\/sub.example.com\/)/g; // NOT OK
/^https?:\/\/api.example.com/; // NOT OK
new RegExp('^http://localhost:8000|' + '^https?://.+\\.example\\.com/'); // NOT OK
new RegExp('^http[s]?:\/\/?sub1\\.sub2\\.example\\.com\/f\/(.+)'); // NOT OK
/^https:\/\/[a-z]*.example.com$/; // NOT OK
RegExp('^protos?://(localhost|.+.example.net|.+.example-a.com|.+.example-b.com|.+.example.internal)'); // NOT OK
/^(.+\.(?:example-a|example-b)\.com)\//; // $ MISSING: Alert
/^(https?:)?\/\/((service|www).)?example.com(?=$|\/)/; // $ Alert
/^(http|https):\/\/www.example.com\/p\/f\//; // $ Alert
/^(http:\/\/sub.example.com\/)/g; // $ Alert
/^https?:\/\/api.example.com/; // $ Alert
new RegExp('^http://localhost:8000|' + '^https?://.+\\.example\\.com/'); // $ Alert
new RegExp('^http[s]?:\/\/?sub1\\.sub2\\.example\\.com\/f\/(.+)');
/^https:\/\/[a-z]*.example.com$/; // $ Alert
RegExp('^protos?://(localhost|.+.example.net|.+.example-a.com|.+.example-b.com|.+.example.internal)'); // $ Alert
/^(example.dev|example.com)/; // OK
new RegExp('^http://localhost:8000|' + '^https?://.+.example\\.com/'); // NOT OK
new RegExp('^http://localhost:8000|' + '^https?://.+.example\\.com/'); // $ Alert
var primary = 'example.com$';
new RegExp('test.' + primary); // NOT OK, but not detected
new RegExp('test.' + primary); // $ MISSING: Alert
new RegExp('test.' + 'example.com$'); // NOT OK
new RegExp('test.' + 'example.com$'); // $ Alert
new RegExp('^http://test\.example.com'); // NOT OK
new RegExp('^http://test\.example.com'); // $ Alert
/^http:\/\/(..|...)\.example\.com\/index\.html/; // OK, wildcards are intentional
/^http:\/\/.\.example\.com\/index\.html/; // OK, the wildcard is intentional
/^(foo.example\.com|whatever)$/; // kinda OK - one disjunction doesn't even look like a hostname
/^(foo.example\.com|whatever)$/; // $ Alert (but kinda OK - one disjunction doesn't even look like a hostname)
if (s.matchAll("^http://test.example.com")) {} // NOT OK
if (s.matchAll("^http://test.example.com")) {} // $ Alert
});
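Review bot: The line `new RegExp('^http[s]?:\/\/?sub1\\.sub2\\.example\\.com\/f\/(.+)');` loses its `// NOT OK` marker and gets no replacement, so the fixture no longer says whether the pattern is considered safe or is a known miss. Its hostname dots are all escaped and the `(.+)` sits after the `/f/` path, so it reads as a negative case; a comment such as `// OK - hostname dots are escaped, the wildcard is in the path` would record that, the way the `test\.example.com` and `test\\.example.com` lines now explain themselves. The string-literal case `new RegExp('^http://test\.example.com'); // $ Alert` would benefit from the converse remark, that `\.` inside a string literal reaches the regex engine as a bare `.`.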


@@ -11,5 +11,5 @@
| IncompleteUrlSchemeCheck.js:87:7:87:40 | /^(java ... scheme) | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:94:10:94:15 | scheme | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:104:6:104:39 | /^(java ... scheme) | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:110:12:112:29 | url // ... :/, "") | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:110:12:112:29 | url\\n ... :/, "") | This check does not consider vbscript:. |
| IncompleteUrlSchemeCheck.js:124:11:124:34 | url.rep ... :/, "") | This check does not consider vbscript:. |


@@ -2,7 +2,7 @@ import * as dummy from 'dummy';
function sanitizeUrl(url) {
let u = decodeURI(url).trim().toLowerCase();
if (u.startsWith("javascript:")) // NOT OK
if (u.startsWith("javascript:")) // $ Alert
return "about:blank";
return url;
}
@@ -13,28 +13,28 @@ let badProtocolsGood = ['javascript:', 'data:', 'vbscript:'];
function test2(url) {
let protocol = new URL(url).protocol;
if (badProtocols.includes(protocol)) // NOT OK
if (badProtocols.includes(protocol)) // $ Alert
return "about:blank";
return url;
}
function test3(url) {
let scheme = goog.uri.utils.getScheme(url);
if (badProtocolNoColon.includes(scheme)) // NOT OK
if (badProtocolNoColon.includes(scheme)) // $ Alert
return "about:blank";
return url;
}
function test4(url) {
let scheme = url.split(':')[0];
if (badProtocolNoColon.includes(scheme)) // NOT OK
if (badProtocolNoColon.includes(scheme)) // $ Alert
return "about:blank";
return url;
}
function test5(url) {
let scheme = url.split(':')[0];
if (scheme === "javascript") // NOT OK
if (scheme === "javascript") // $ Alert
return "about:blank";
return url;
}
@@ -48,35 +48,35 @@ function test6(url) {
function test7(url) {
let scheme = url.split(/:/)[0];
if (scheme === "javascript") // NOT OK
if (scheme === "javascript") // $ Alert
return "about:blank";
return url;
}
function test8(url) {
let scheme = goog.uri.utils.getScheme(url);
if ("javascript|data".split("|").indexOf(scheme) !== -1) // NOT OK
if ("javascript|data".split("|").indexOf(scheme) !== -1) // $ Alert
return "about:blank";
return url;
}
function test9(url) {
let scheme = goog.uri.utils.getScheme(url);
if ("javascript" === scheme || "data" === scheme) // NOT OK
if ("javascript" === scheme || "data" === scheme) // $ Alert
return "about:blank";
return url;
}
function test10(url) {
let scheme = goog.uri.utils.getScheme(url);
if (/^(javascript|data)$/.exec(scheme) !== null) // NOT OK
if (/^(javascript|data)$/.exec(scheme) !== null) // $ Alert
return "about:blank";
return url;
}
function test11(url) {
let scheme = goog.uri.utils.getScheme(url);
if (/^(javascript|data)$/.exec(scheme) === null) // NOT OK
if (/^(javascript|data)$/.exec(scheme) === null) // $ Alert
return url;
return "about:blank";
}
@@ -84,15 +84,15 @@ function test11(url) {
function test12(url) {
let scheme = goog.uri.utils.getScheme(url);
if (!/^(javascript|data)$/.exec(scheme)) // NOT OK
if (!/^(javascript|data)$/.exec(scheme)) // $ Alert
return url;
return "about:blank";
}
function test13(url) {
let scheme = goog.uri.utils.getScheme(url);
switch (scheme) {
case "javascript": // NOT OK
switch (scheme) { // $ Alert
case "javascript":
case "data":
return "about:blank";
default:
@@ -101,15 +101,15 @@ function test13(url) {
}
function test14(url) {
let scheme = goog.uri.utils.getScheme(url);
if (/^(javascript|data)$/.exec(scheme)) // NOT OK
if (/^(javascript|data)$/.exec(scheme)) // $ Alert
return "about:blank";
return url;
}
function chain1(url) {
return url // NOT OK
return url
.replace(/javascript:/, "")
.replace(/data:/, "");
.replace(/data:/, ""); // $ Alert
}
function chain2(url) {
@@ -121,10 +121,10 @@ function chain2(url) {
function chain3(url) {
url = url.replace(/javascript:/, "")
url = url.replace(/data:/, ""); // NOT OK
url = url.replace(/data:/, ""); // $ Alert
return url;
}
function chain4(url) {
return url.replace(/(javascript|data):/, ""); // NOT OK - but not flagged [INCONSISTENCY]
}
return url.replace(/(javascript|data):/, ""); // $ MISSING: Alert
}
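Review bot: In `chain4` the new `// $ MISSING: Alert` keeps the fact that the single `replace(/(javascript|data):/, "")` goes unflagged, but drops the old remark that this is inconsistent with the chained variants, which are flagged. A trailing reason keeps the known gap discoverable, for example `// $ MISSING: Alert - alternation in one replace is not recognised, unlike chain1/chain3`. In the same file the `test13` marker moves from `case "javascript":` to the `switch (scheme) {` line; a few words there saying the finding is reported on the switch operand would explain the move to a reader who only sees the fixture.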


@@ -1 +1,2 @@
Security/CWE-020/IncompleteUrlSchemeCheck.ql
query: Security/CWE-020/IncompleteUrlSchemeCheck.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -1 +1,2 @@
Security/CWE-020/IncompleteUrlSubstringSanitization.ql
query: Security/CWE-020/IncompleteUrlSubstringSanitization.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -1,76 +1,76 @@
(function(x){
x.indexOf("internal") !== -1; // NOT OK, but not flagged
x.indexOf("localhost") !== -1; // NOT OK, but not flagged
x.indexOf("secure.com") !== -1; // NOT OK
x.indexOf("secure.net") !== -1; // NOT OK
x.indexOf(".secure.com") !== -1; // NOT OK
x.indexOf("sub.secure.") !== -1; // NOT OK, but not flagged
x.indexOf(".sub.secure.") !== -1; // NOT OK, but not flagged
x.indexOf("internal") !== -1; // $ MISSING: Alert
x.indexOf("localhost") !== -1; // $ MISSING: Alert
x.indexOf("secure.com") !== -1; // $ Alert
x.indexOf("secure.net") !== -1; // $ Alert
x.indexOf(".secure.com") !== -1; // $ Alert
x.indexOf("sub.secure.") !== -1; // $ MISSING: Alert
x.indexOf(".sub.secure.") !== -1; // $ MISSING: Alert
x.indexOf("secure.com") === -1; // NOT OK
x.indexOf("secure.com") === 0; // NOT OK
x.indexOf("secure.com") >= 0; // NOT OK
x.indexOf("secure.com") === -1; // $ Alert
x.indexOf("secure.com") === 0; // $ Alert
x.indexOf("secure.com") >= 0; // $ Alert
x.startsWith("https://secure.com"); // NOT OK
x.endsWith("secure.com"); // NOT OK
x.endsWith(".secure.com"); // OK
x.startsWith("secure.com/"); // OK
x.indexOf("secure.com/") === 0; // OK
x.startsWith("https://secure.com"); // $ Alert
x.endsWith("secure.com"); // $ Alert
x.endsWith(".secure.com");
x.startsWith("secure.com/");
x.indexOf("secure.com/") === 0;
x.includes("secure.com"); // NOT OK
x.includes("secure.com"); // $ Alert
x.indexOf("#") !== -1; // OK
x.indexOf(":") !== -1; // OK
x.indexOf(":/") !== -1; // OK
x.indexOf("://") !== -1; // OK
x.indexOf("//") !== -1; // OK
x.indexOf(":443") !== -1; // OK
x.indexOf("/some/path/") !== -1; // OK
x.indexOf("some/path") !== -1; // OK
x.indexOf("/index.html") !== -1; // OK
x.indexOf(":template:") !== -1; // OK
x.indexOf("https://secure.com") !== -1; // NOT OK
x.indexOf("https://secure.com:443") !== -1; // NOT OK
x.indexOf("https://secure.com/") !== -1; // NOT OK
x.indexOf("#") !== -1;
x.indexOf(":") !== -1;
x.indexOf(":/") !== -1;
x.indexOf("://") !== -1;
x.indexOf("//") !== -1;
x.indexOf(":443") !== -1;
x.indexOf("/some/path/") !== -1;
x.indexOf("some/path") !== -1;
x.indexOf("/index.html") !== -1;
x.indexOf(":template:") !== -1;
x.indexOf("https://secure.com") !== -1; // $ Alert
x.indexOf("https://secure.com:443") !== -1; // $ Alert
x.indexOf("https://secure.com/") !== -1; // $ Alert
x.indexOf(".cn") !== -1; // NOT OK, but not flagged
x.indexOf(".jpg") !== -1; // OK
x.indexOf("index.html") !== -1; // OK
x.indexOf("index.js") !== -1; // OK
x.indexOf("index.php") !== -1; // OK
x.indexOf("index.css") !== -1; // OK
x.indexOf(".cn") !== -1; // $ MISSING: Alert
x.indexOf(".jpg") !== -1;
x.indexOf("index.html") !== -1;
x.indexOf("index.js") !== -1;
x.indexOf("index.php") !== -1;
x.indexOf("index.css") !== -1;
x.indexOf("secure=true") !== -1; // OK (query param)
x.indexOf("&auth=") !== -1; // OK (query param)
x.indexOf(getCurrentDomain()) !== -1; // NOT OK, but not flagged
x.indexOf(location.origin) !== -1; // NOT OK, but not flagged
x.indexOf(getCurrentDomain()) !== -1; // $ MISSING: Alert
x.indexOf(location.origin) !== -1; // $ MISSING: Alert
x.indexOf("tar.gz") + offset; // OK
x.indexOf("tar.gz") - offset; // OK
x.indexOf("tar.gz") + offset;
x.indexOf("tar.gz") - offset;
x.indexOf("https://example.internal") !== -1; // NOT OK
x.indexOf("https://") !== -1; // OK
x.indexOf("https://example.internal") !== -1; // $ Alert
x.indexOf("https://") !== -1;
x.startsWith("https://example.internal"); // NOT OK
x.indexOf('https://example.internal.org') !== 0; // NOT OK
x.indexOf('https://example.internal.org') === 0; // NOT OK
x.endsWith("internal.com"); // NOT OK
x.startsWith("https://example.internal:80"); // OK
x.startsWith("https://example.internal"); // $ Alert
x.indexOf('https://example.internal.org') !== 0; // $ Alert
x.indexOf('https://example.internal.org') === 0; // $ Alert
x.endsWith("internal.com"); // $ Alert
x.startsWith("https://example.internal:80");
x.indexOf("secure.com") !== -1; // NOT OK
x.indexOf("secure.com") === -1; // OK
!(x.indexOf("secure.com") !== -1); // OK
!x.includes("secure.com"); // OK
x.indexOf("secure.com") !== -1; // $ Alert
x.indexOf("secure.com") === -1; // $ Alert
!(x.indexOf("secure.com") !== -1); // $ Alert
!x.includes("secure.com"); // $ Alert
if(!x.includes("secure.com")) { // NOT OK
if(!x.includes("secure.com")) { // $ Alert
} else {
doSomeThingWithTrustedURL(x);
}
x.startsWith("https://secure.com/foo/bar"); // OK - a forward slash after the domain makes prefix checks safe.
x.indexOf("https://secure.com/foo/bar") >= 0 // NOT OK - the url can be anywhere in the string.
x.indexOf("https://secure.com") >= 0 // NOT OK
x.indexOf("https://secure.com/foo/bar-baz") >= 0 // NOT OK - the url can be anywhere in the string.
x.indexOf("https://secure.com/foo/bar") >= 0 // $ Alert - the url can be anywhere in the string.
x.indexOf("https://secure.com") >= 0 // $ Alert
x.indexOf("https://secure.com/foo/bar-baz") >= 0 // $ Alert - the url can be anywhere in the string.
});
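Review bot: Three negated checks change from `// OK` to `// $ Alert` without comment: `x.indexOf("secure.com") === -1;`, `!(x.indexOf("secure.com") !== -1);` and `!x.includes("secure.com");`, in the group just before the `if(!x.includes("secure.com"))` case. That turns what the fixture used to call safe into expected findings. If the earlier `// OK` was the intended verdict and the query merely over-reports, the inline-expectation form for that is `// $ SPURIOUS: Alert`. If they are genuine findings, a short reason after `Alert` (as on the last three lines of the file) would say why a negated substring test is still an unsafe host check.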


@@ -97,3 +97,15 @@ function lastIndexNeqMinusOne(x) {
function lastIndexEqMinusOne(x) {
return x.lastIndexOf("example.com") === -1 || x.lastIndexOf("example.com") === x.length - "example.com".length; // OK
}
function sameCheck(allowedOrigin) {
const trustedAuthority = "example.com";
const ind = trustedAuthority.indexOf("." + allowedOrigin);
return ind > 0 && ind === trustedAuthority.length - allowedOrigin.length - 1; // OK
}
function sameConcatenation(allowedOrigin) {
const trustedAuthority = "example.com";
return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK
}
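Review bot: `sameCheck` and `sameConcatenation` are added with a bare `// OK` that does not say which property makes them negative cases. From the code it appears to be the `> 0` test on the `indexOf` result, which excludes the -1 "not found" value before it is compared with `trustedAuthority.length - allowedOrigin.length - 1`; a comment such as `// OK - '> 0' rules out -1 before the position comparison` would record that. The two names could also say what differs between them (index cached in `ind` versus `indexOf` repeated on the same concatenation).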


@@ -1,98 +1,55 @@
nodes
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name |
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted |
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted |
| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted |
| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted |
| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted |
| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] |
| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] |
| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) |
| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted |
| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted |
edges
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() |
| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } |
| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] |
| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] |
| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | provenance | |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | provenance | |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | provenance | |
nodes
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name |
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | semmle.label | ['x', u ... d, 'y'] |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | semmle.label | {\\n ... }\\n } |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | semmle.label | {\\n ... } [z] |
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... usted\\n} |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | semmle.label | {\\n x ... usted\\n} [x] |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | semmle.label | {\\n x ... usted\\n} [y] |
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | semmle.label | {\\n x ... usted\\n} [z] |
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted |
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted |
subpaths
#select
| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
@@ -102,7 +59,6 @@ edges
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name |


@@ -1,3 +1,9 @@
import javascript
import semmle.javascript.security.dataflow.TaintedPathQuery
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
deprecated class TaintedPathConsistency extends ConsistencyConfiguration {
TaintedPathConsistency() { this = "TaintedPathConsistency" }
override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) }
}
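Review bot: `deprecated import utils.test.ConsistencyChecking` and `deprecated class TaintedPathConsistency` carry no QLDoc explaining why they are deprecated or what the test is expected to use instead. The annotation looks like it is there only to silence deprecation warnings from the old consistency harness, but that is an inference from this hunk. A short doc comment above the class, such as `/** DEPRECATED: kept only while this test still relies on ConsistencyChecking. */`, would record the intent. The same bare `deprecated import` appears in the TemplateObjectInjection test query further down and would benefit from the same line.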


@@ -70,7 +70,11 @@ http.createServer(function(req, res) {
fs.readFileSync(path); // NOT OK
mkdirp(path); // NOT OK
mkdirp.sync(path); // NOT OK
func(path);
});
function func(x) {
fs.readFileSync(x); // NOT OK
}
const fsp = require("fs/promises");
http.createServer(function(req, res) {
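Review bot: The new helper `func` and its `// NOT OK` marker do not say which flow the case pins down. The sink now sits in a top-level function and is reached only through the `func(path)` call added at the end of the handler. A comment on the sink line would make that explicit, e.g. `fs.readFileSync(x); // NOT OK - tainted path arrives through the call func(path) in the request handler`, and a more descriptive name than `func` would help too. The enclosing `http.createServer` callbacks start and continue outside this hunk.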


@@ -0,0 +1,35 @@
const fs = require('fs');
const express = require('express');
const app = express();
app.get('/', function (req, res) {
getTree(req, res, { workspaceDir: '/tmp' });
});
function getTree(req, res, options) {
var workspaceId = req.params.workspaceId;
var realfileRootPath = workspaceId; // getfileRoot(workspaceId);
var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]);
withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {});
}
function getfileRoot(workspaceId) {
var userId = decodeUserIdFromWorkspaceId(workspaceId);
return path.join(userId.substring(0,2), userId, decodeWorkspaceNameFromWorkspaceId(workspaceId));
}
function withStatsAndETag(filepath, callback) {
fs.readFileSync(filepath); // NOT OK
};
function decodeUserIdFromWorkspaceId(workspaceId) {
var index = workspaceId.lastIndexOf(SEPARATOR);
if (index === -1) return null;
return workspaceId.substring(0, index);
}
function decodeWorkspaceNameFromWorkspaceId(workspaceId) {
var index = workspaceId.lastIndexOf(SEPARATOR);
if (index === -1) return null;
return workspaceId.substring(index + 1);
}
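Review bot: This new fixture has no header comment stating which flow it is meant to exercise, and most of the file is unreachable. `getfileRoot`, `decodeUserIdFromWorkspaceId` and `decodeWorkspaceNameFromWorkspaceId` are never called because the calls in `getTree` are commented out. They reference `path` and `SEPARATOR`, which the file never declares, and `realfileRootPath` and `filePath` are assigned but unused. The only flow that reaches the `// NOT OK` sink is `req.params.workspaceId` passed as the first argument of `withStatsAndETag`. I would either trim the dead helpers or open the file with a comment such as `// Fixture: req.params.workspaceId reaches fs.readFileSync via withStatsAndETag; the remaining helpers are intentionally unused`. That way a reader does not mistake the leftovers for part of the expected result.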


@@ -0,0 +1,15 @@
var fs = require('fs'),
http = require('http'),
url = require('url');
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
doRead(Promise.resolve(path));
});
async function doRead(pathPromise) {
fs.readFileSync(await pathPromise); // NOT OK
pathPromise.then(path => fs.readFileSync(path)); // NO TOK
}
server.listen();
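Review bot: The marker on the second sink in `doRead` is misspelled as `// NO TOK`. If the test harness matches the literal `NOT OK` text, which the other fixtures in this commit suggest, this line is not registered as an expected alert. The `.then` callback case would then be unchecked or reported as a mismatch. The line should read `pathPromise.then(path => fs.readFileSync(path)); // NOT OK`.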


@@ -1,130 +1,42 @@
nodes
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:9:17:9:31 | header.linkname |
| TarSlipBad.js:9:17:9:31 | header.linkname |
| TarSlipBad.js:9:17:9:31 | header.linkname |
| TarSlipBad.js:9:17:9:31 | header.linkname |
| ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path |
| ZipSlipBad.js:15:22:15:31 | entry.path |
| ZipSlipBad.js:15:22:15:31 | entry.path |
| ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path |
| ZipSlipBad.js:22:22:22:31 | entry.path |
| ZipSlipBad.js:22:22:22:31 | entry.path |
| ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:30:14:30:17 | name |
| ZipSlipBad.js:30:14:30:17 | name |
| ZipSlipBad.js:30:14:30:17 | name |
| ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:34:16:34:19 | name |
| ZipSlipBad.js:34:16:34:19 | name |
| ZipSlipBad.js:34:16:34:19 | name |
| ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | semmle.label | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name | semmle.label | header.name |
| TarSlipBad.js:9:17:9:31 | header.linkname | semmle.label | header.linkname |
| ZipSlipBad2.js:5:9:5:46 | fileName | semmle.label | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | semmle.label | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path | semmle.label | entry.path |
| ZipSlipBad2.js:6:22:6:29 | fileName | semmle.label | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName | semmle.label | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | semmle.label | entry.path |
| ZipSlipBad.js:8:37:8:44 | fileName | semmle.label | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName | semmle.label | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path | semmle.label | entry.path |
| ZipSlipBad.js:16:30:16:37 | fileName | semmle.label | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName | semmle.label | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path | semmle.label | entry.path |
| ZipSlipBad.js:23:28:23:35 | fileName | semmle.label | fileName |
| ZipSlipBad.js:30:14:30:17 | name | semmle.label | name |
| ZipSlipBad.js:31:26:31:29 | name | semmle.label | name |
| ZipSlipBad.js:34:16:34:19 | name | semmle.label | name |
| ZipSlipBad.js:35:26:35:29 | name | semmle.label | name |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | semmle.label | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path |
| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName |
edges
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name |
| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName |
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | provenance | Config |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | |
| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | |
| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | |
| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | |
| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | |
| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | |
| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | |
| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | |
| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | |
subpaths
#select
| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation |
| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation |


@@ -1,3 +1,3 @@
import javascript
import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking


@@ -1,112 +1,70 @@
nodes
| routes.js:2:23:2:30 | req.body |
| routes.js:2:23:2:30 | req.body |
| routes.js:2:23:2:30 | req.body |
| tst2.js:6:9:6:46 | bodyParameter |
| tst2.js:6:25:6:32 | req.body |
| tst2.js:6:25:6:32 | req.body |
| tst2.js:6:25:6:46 | req.bod ... rameter |
| tst2.js:7:28:7:40 | bodyParameter |
| tst2.js:7:28:7:40 | bodyParameter |
| tst2.js:26:9:26:46 | bodyParameter |
| tst2.js:26:25:26:32 | req.body |
| tst2.js:26:25:26:32 | req.body |
| tst2.js:26:25:26:46 | req.bod ... rameter |
| tst2.js:27:28:27:40 | bodyParameter |
| tst2.js:27:28:27:40 | bodyParameter |
| tst2.js:34:9:34:46 | bodyParameter |
| tst2.js:34:25:34:32 | req.body |
| tst2.js:34:25:34:32 | req.body |
| tst2.js:34:25:34:46 | req.bod ... rameter |
| tst2.js:35:28:35:40 | bodyParameter |
| tst2.js:35:28:35:40 | bodyParameter |
| tst2.js:42:9:42:46 | bodyParameter |
| tst2.js:42:25:42:32 | req.body |
| tst2.js:42:25:42:32 | req.body |
| tst2.js:42:25:42:46 | req.bod ... rameter |
| tst2.js:43:28:43:40 | bodyParameter |
| tst2.js:43:28:43:40 | bodyParameter |
| tst2.js:51:9:51:46 | bodyParameter |
| tst2.js:51:25:51:32 | req.body |
| tst2.js:51:25:51:32 | req.body |
| tst2.js:51:25:51:46 | req.bod ... rameter |
| tst2.js:52:28:52:40 | bodyParameter |
| tst2.js:52:28:52:40 | bodyParameter |
| tst.js:7:9:7:46 | bodyParameter |
| tst.js:7:25:7:32 | req.body |
| tst.js:7:25:7:32 | req.body |
| tst.js:7:25:7:46 | req.bod ... rameter |
| tst.js:8:9:8:49 | queryParameter |
| tst.js:8:9:8:49 | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter |
| tst.js:8:26:8:49 | req.que ... rameter |
| tst.js:8:26:8:49 | req.que ... rameter |
| tst.js:10:28:10:40 | bodyParameter |
| tst.js:10:28:10:40 | bodyParameter |
| tst.js:11:28:11:41 | queryParameter |
| tst.js:11:28:11:41 | queryParameter |
| tst.js:20:19:20:32 | queryParameter |
| tst.js:20:19:20:32 | queryParameter |
| tst.js:23:24:23:26 | obj |
| tst.js:23:24:23:26 | obj |
| tst.js:24:28:24:30 | obj |
| tst.js:24:28:24:30 | obj |
| tst.js:26:11:26:24 | str |
| tst.js:26:17:26:19 | obj |
| tst.js:26:17:26:24 | obj + "" |
| tst.js:29:28:29:42 | JSON.parse(str) |
| tst.js:29:28:29:42 | JSON.parse(str) |
| tst.js:29:39:29:41 | str |
| routes.js:2:23:2:30 | req.body | semmle.label | req.body |
| tst2.js:6:9:6:46 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:6:25:6:32 | req.body | semmle.label | req.body |
| tst2.js:6:25:6:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst2.js:7:28:7:40 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:26:9:26:46 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:26:25:26:32 | req.body | semmle.label | req.body |
| tst2.js:26:25:26:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst2.js:27:28:27:40 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:34:9:34:46 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:34:25:34:32 | req.body | semmle.label | req.body |
| tst2.js:34:25:34:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst2.js:35:28:35:40 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:42:9:42:46 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:42:25:42:32 | req.body | semmle.label | req.body |
| tst2.js:42:25:42:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst2.js:43:28:43:40 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:51:9:51:46 | bodyParameter | semmle.label | bodyParameter |
| tst2.js:51:25:51:32 | req.body | semmle.label | req.body |
| tst2.js:51:25:51:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst2.js:52:28:52:40 | bodyParameter | semmle.label | bodyParameter |
| tst.js:7:9:7:46 | bodyParameter | semmle.label | bodyParameter |
| tst.js:7:25:7:32 | req.body | semmle.label | req.body |
| tst.js:7:25:7:46 | req.bod ... rameter | semmle.label | req.bod ... rameter |
| tst.js:8:9:8:49 | queryParameter | semmle.label | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter | semmle.label | req.que ... rameter |
| tst.js:10:28:10:40 | bodyParameter | semmle.label | bodyParameter |
| tst.js:11:28:11:41 | queryParameter | semmle.label | queryParameter |
| tst.js:20:19:20:32 | queryParameter | semmle.label | queryParameter |
| tst.js:23:24:23:26 | obj | semmle.label | obj |
| tst.js:24:28:24:30 | obj | semmle.label | obj |
| tst.js:26:11:26:24 | str | semmle.label | str |
| tst.js:26:17:26:19 | obj | semmle.label | obj |
| tst.js:26:17:26:24 | obj + "" | semmle.label | obj + "" |
| tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) |
| tst.js:29:39:29:41 | str | semmle.label | str |
edges
| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body |
| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter |
| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter |
| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter |
| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter |
| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter |
| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter |
| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter |
| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter |
| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter |
| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter |
| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter |
| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter |
| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter |
| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter |
| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter |
| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter |
| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter |
| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter |
| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter |
| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter |
| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter |
| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter |
| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter |
| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter |
| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter |
| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter |
| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter |
| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter |
| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter |
| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter |
| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter |
| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter |
| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter |
| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter |
| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter |
| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj |
| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj |
| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj |
| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj |
| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj |
| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str |
| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" |
| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str |
| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) |
| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) |
| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | |
| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config |
| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | |
| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | |
| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config |
| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | |
| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | |
| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config |
| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | |
| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | |
| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | provenance | Config |
| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | |
| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | |
| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config |
| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | |
| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | |
| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config |
| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | |
| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | |
| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | |
| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | |
| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | |
| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | |
| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | |
| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | |
| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config |
| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | |
| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config |
subpaths
#select
| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value |
| tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value |


@@ -1,370 +1,214 @@
nodes
| actions.js:8:9:8:57 | title |
| actions.js:8:17:8:57 | github. ... t.title |
| actions.js:8:17:8:57 | github. ... t.title |
| actions.js:9:8:9:22 | `echo ${title}` |
| actions.js:9:8:9:22 | `echo ${title}` |
| actions.js:9:16:9:20 | title |
| actions.js:18:9:18:63 | head_ref |
| actions.js:18:20:18:63 | github. ... ead.ref |
| actions.js:18:20:18:63 | github. ... ead.ref |
| actions.js:19:14:19:31 | `echo ${head_ref}` |
| actions.js:19:14:19:31 | `echo ${head_ref}` |
| actions.js:19:22:19:29 | head_ref |
| child_process-test.js:6:9:6:49 | cmd |
| child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:6:15:6:44 | url.par ... ).query |
| child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:25:6:31 | req.url |
| child_process-test.js:6:25:6:31 | req.url |
| child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:48:15:48:17 | cmd |
| child_process-test.js:48:15:48:17 | cmd |
| child_process-test.js:53:15:53:17 | cmd |
| child_process-test.js:53:15:53:17 | cmd |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) |
| child_process-test.js:56:46:56:57 | ["bar", cmd] |
| child_process-test.js:56:54:56:56 | cmd |
| child_process-test.js:56:54:56:56 | cmd |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) |
| child_process-test.js:57:46:57:48 | cmd |
| child_process-test.js:73:9:73:49 | cmd |
| child_process-test.js:73:15:73:38 | url.par ... , true) |
| child_process-test.js:73:15:73:44 | url.par ... ).query |
| child_process-test.js:73:15:73:49 | url.par ... ry.path |
| child_process-test.js:73:25:73:31 | req.url |
| child_process-test.js:73:25:73:31 | req.url |
| child_process-test.js:75:29:75:31 | cmd |
| child_process-test.js:75:29:75:31 | cmd |
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| child_process-test.js:94:21:94:30 | ctx.params |
| child_process-test.js:94:21:94:30 | ctx.params |
| child_process-test.js:94:21:94:35 | ctx.params.host |
| exec-sh2.js:9:17:9:23 | command |
| exec-sh2.js:10:40:10:46 | command |
| exec-sh2.js:10:40:10:46 | command |
| exec-sh2.js:14:9:14:49 | cmd |
| exec-sh2.js:14:15:14:38 | url.par ... , true) |
| exec-sh2.js:14:15:14:44 | url.par ... ).query |
| exec-sh2.js:14:15:14:49 | url.par ... ry.path |
| exec-sh2.js:14:25:14:31 | req.url |
| exec-sh2.js:14:25:14:31 | req.url |
| exec-sh2.js:15:12:15:14 | cmd |
| exec-sh.js:13:17:13:23 | command |
| exec-sh.js:15:44:15:50 | command |
| exec-sh.js:15:44:15:50 | command |
| exec-sh.js:19:9:19:49 | cmd |
| exec-sh.js:19:15:19:38 | url.par ... , true) |
| exec-sh.js:19:15:19:44 | url.par ... ).query |
| exec-sh.js:19:15:19:49 | url.par ... ry.path |
| exec-sh.js:19:25:19:31 | req.url |
| exec-sh.js:19:25:19:31 | req.url |
| exec-sh.js:20:12:20:14 | cmd |
| execSeries.js:3:20:3:22 | arr |
| execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:13:19:13:26 | commands |
| execSeries.js:14:13:14:20 | commands |
| execSeries.js:14:24:14:30 | command |
| execSeries.js:14:41:14:47 | command |
| execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:18:34:18:40 | req.url |
| execSeries.js:19:12:19:16 | [cmd] |
| execSeries.js:19:13:19:15 | cmd |
| form-parsers.js:9:8:9:39 | "touch ... nalname |
| form-parsers.js:9:8:9:39 | "touch ... nalname |
| form-parsers.js:9:19:9:26 | req.file |
| form-parsers.js:9:19:9:26 | req.file |
| form-parsers.js:9:19:9:39 | req.fil ... nalname |
| form-parsers.js:13:3:13:11 | req.files |
| form-parsers.js:13:3:13:11 | req.files |
| form-parsers.js:13:21:13:24 | file |
| form-parsers.js:14:10:14:37 | "touch ... nalname |
| form-parsers.js:14:10:14:37 | "touch ... nalname |
| form-parsers.js:14:21:14:24 | file |
| form-parsers.js:14:21:14:37 | file.originalname |
| form-parsers.js:24:48:24:55 | filename |
| form-parsers.js:24:48:24:55 | filename |
| form-parsers.js:25:10:25:28 | "touch " + filename |
| form-parsers.js:25:10:25:28 | "touch " + filename |
| form-parsers.js:25:21:25:28 | filename |
| form-parsers.js:35:25:35:30 | fields |
| form-parsers.js:35:25:35:30 | fields |
| form-parsers.js:36:10:36:31 | "touch ... ds.name |
| form-parsers.js:36:10:36:31 | "touch ... ds.name |
| form-parsers.js:36:21:36:26 | fields |
| form-parsers.js:36:21:36:31 | fields.name |
| form-parsers.js:40:26:40:31 | fields |
| form-parsers.js:40:26:40:31 | fields |
| form-parsers.js:41:10:41:31 | "touch ... ds.name |
| form-parsers.js:41:10:41:31 | "touch ... ds.name |
| form-parsers.js:41:21:41:26 | fields |
| form-parsers.js:41:21:41:31 | fields.name |
| form-parsers.js:52:34:52:39 | fields |
| form-parsers.js:52:34:52:39 | fields |
| form-parsers.js:53:10:53:31 | "touch ... ds.name |
| form-parsers.js:53:10:53:31 | "touch ... ds.name |
| form-parsers.js:53:21:53:26 | fields |
| form-parsers.js:53:21:53:31 | fields.name |
| form-parsers.js:58:30:58:33 | part |
| form-parsers.js:58:30:58:33 | part |
| form-parsers.js:59:10:59:33 | "touch ... ilename |
| form-parsers.js:59:10:59:33 | "touch ... ilename |
| form-parsers.js:59:21:59:24 | part |
| form-parsers.js:59:21:59:33 | part.filename |
| other.js:5:9:5:49 | cmd |
| other.js:5:15:5:38 | url.par ... , true) |
| other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:25:5:31 | req.url |
| other.js:5:25:5:31 | req.url |
| other.js:7:33:7:35 | cmd |
| other.js:7:33:7:35 | cmd |
| other.js:8:28:8:30 | cmd |
| other.js:8:28:8:30 | cmd |
| other.js:9:32:9:34 | cmd |
| other.js:9:32:9:34 | cmd |
| other.js:10:29:10:31 | cmd |
| other.js:10:29:10:31 | cmd |
| other.js:11:29:11:31 | cmd |
| other.js:11:29:11:31 | cmd |
| other.js:12:27:12:29 | cmd |
| other.js:12:27:12:29 | cmd |
| other.js:14:28:14:30 | cmd |
| other.js:14:28:14:30 | cmd |
| other.js:15:34:15:36 | cmd |
| other.js:15:34:15:36 | cmd |
| other.js:16:21:16:23 | cmd |
| other.js:16:21:16:23 | cmd |
| other.js:17:27:17:29 | cmd |
| other.js:17:27:17:29 | cmd |
| other.js:18:22:18:24 | cmd |
| other.js:18:22:18:24 | cmd |
| other.js:19:36:19:38 | cmd |
| other.js:19:36:19:38 | cmd |
| other.js:22:21:22:23 | cmd |
| other.js:22:21:22:23 | cmd |
| other.js:23:28:23:30 | cmd |
| other.js:23:28:23:30 | cmd |
| other.js:26:34:26:36 | cmd |
| other.js:26:34:26:36 | cmd |
| other.js:28:27:28:29 | cmd |
| other.js:28:27:28:29 | cmd |
| other.js:30:33:30:35 | cmd |
| other.js:30:33:30:35 | cmd |
| other.js:34:44:34:46 | cmd |
| other.js:34:44:34:46 | cmd |
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:5:20:5:26 | command |
| third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:6:21:6:27 | command |
edges
| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title |
| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title |
| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title |
| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` |
| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` |
| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref |
| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref |
| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref |
| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` |
| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd |
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query |
| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" |
| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) |
| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) |
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] |
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) |
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) |
| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd |
| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd |
| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:15:73:44 | url.par ... ).query |
| child_process-test.js:73:15:73:44 | url.par ... ).query | child_process-test.js:73:15:73:49 | url.par ... ry.path |
| child_process-test.js:73:15:73:49 | url.par ... ry.path | child_process-test.js:73:9:73:49 | cmd |
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName |
| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host |
| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host |
| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host |
| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command |
| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command |
| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd |
| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:15:14:44 | url.par ... ).query |
| exec-sh2.js:14:15:14:44 | url.par ... ).query | exec-sh2.js:14:15:14:49 | url.par ... ry.path |
| exec-sh2.js:14:15:14:49 | url.par ... ry.path | exec-sh2.js:14:9:14:49 | cmd |
| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) |
| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) |
| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command |
| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command |
| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command |
| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd |
| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:15:19:44 | url.par ... ).query |
| exec-sh.js:19:15:19:44 | url.par ... ).query | exec-sh.js:19:15:19:49 | url.par ... ry.path |
| exec-sh.js:19:15:19:49 | url.par ... ry.path | exec-sh.js:19:9:19:49 | cmd |
| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) |
| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) |
| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command |
| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands |
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr |
| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command |
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd |
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query |
| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path |
| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) |
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] |
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname |
| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname |
| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname |
| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file |
| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file |
| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file |
| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:21:14:37 | file.originalname |
| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname |
| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname |
| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename |
| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename |
| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename |
| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename |
| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields |
| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields |
| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:21:36:31 | fields.name |
| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name |
| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name |
| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields |
| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields |
| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:21:41:31 | fields.name |
| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name |
| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name |
| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields |
| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields |
| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:21:53:31 | fields.name |
| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name |
| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name |
| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part |
| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part |
| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:21:59:33 | part.filename |
| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename |
| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd |
| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd |
| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd |
| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd |
| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd |
| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd |
| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd |
| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd |
| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query |
| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path |
| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command |
| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | provenance | |
| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | provenance | |
| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | provenance | |
| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | provenance | |
| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | provenance | |
| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | provenance | |
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | provenance | |
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | |
| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | |
| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | |
| child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance | |
| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args | provenance | |
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | |
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | |
| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | |
| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | |
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | |
| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | provenance | |
| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | provenance | |
| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | provenance | |
| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | provenance | |
| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | provenance | |
| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | provenance | |
| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | provenance | |
| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | provenance | |
| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | |
| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | |
| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | |
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | |
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | |
| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | |
| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | |
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | |
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | provenance | |
| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | |
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | |
| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | |
| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | provenance | |
| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... nalname | provenance | |
| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | provenance | |
| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | provenance | |
| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | provenance | |
| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | provenance | |
| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | provenance | |
| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | provenance | |
| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | provenance | |
| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | provenance | |
| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | provenance | |
| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | provenance | |
| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | provenance | |
| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | provenance | |
| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | provenance | |
| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | |
| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | provenance | |
nodes
| actions.js:8:9:8:57 | title | semmle.label | title |
| actions.js:8:17:8:57 | github. ... t.title | semmle.label | github. ... t.title |
| actions.js:9:8:9:22 | `echo ${title}` | semmle.label | `echo ${title}` |
| actions.js:9:16:9:20 | title | semmle.label | title |
| actions.js:18:9:18:63 | head_ref | semmle.label | head_ref |
| actions.js:18:20:18:63 | github. ... ead.ref | semmle.label | github. ... ead.ref |
| actions.js:19:14:19:31 | `echo ${head_ref}` | semmle.label | `echo ${head_ref}` |
| actions.js:19:22:19:29 | head_ref | semmle.label | head_ref |
| child_process-test.js:6:9:6:49 | cmd | semmle.label | cmd |
| child_process-test.js:6:15:6:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path |
| child_process-test.js:6:25:6:31 | req.url | semmle.label | req.url |
| child_process-test.js:17:13:17:15 | cmd | semmle.label | cmd |
| child_process-test.js:18:17:18:19 | cmd | semmle.label | cmd |
| child_process-test.js:19:17:19:19 | cmd | semmle.label | cmd |
| child_process-test.js:20:21:20:23 | cmd | semmle.label | cmd |
| child_process-test.js:21:14:21:16 | cmd | semmle.label | cmd |
| child_process-test.js:22:18:22:20 | cmd | semmle.label | cmd |
| child_process-test.js:23:13:23:15 | cmd | semmle.label | cmd |
| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | semmle.label | "foo" + cmd + "bar" |
| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd |
| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd |
| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd |
| child_process-test.js:48:5:48:8 | [post update] args [1] | semmle.label | [post update] args [1] |
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
| child_process-test.js:49:15:49:18 | args [1] | semmle.label | args [1] |
| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) |
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] |
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | semmle.label | ['/C', ... at(cmd) |
| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd |
| child_process-test.js:66:19:66:22 | args | semmle.label | args |
| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd |
| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url |
| child_process-test.js:75:29:75:31 | cmd | semmle.label | cmd |
| child_process-test.js:83:19:83:36 | req.query.fileName | semmle.label | req.query.fileName |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | semmle.label | "ping " ... ms.host |
| child_process-test.js:94:21:94:30 | ctx.params | semmle.label | ctx.params |
| exec-sh2.js:9:17:9:23 | command | semmle.label | command |
| exec-sh2.js:10:40:10:46 | command | semmle.label | command |
| exec-sh2.js:14:9:14:49 | cmd | semmle.label | cmd |
| exec-sh2.js:14:15:14:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| exec-sh2.js:14:25:14:31 | req.url | semmle.label | req.url |
| exec-sh2.js:15:12:15:14 | cmd | semmle.label | cmd |
| exec-sh.js:13:17:13:23 | command | semmle.label | command |
| exec-sh.js:15:44:15:50 | command | semmle.label | command |
| exec-sh.js:19:9:19:49 | cmd | semmle.label | cmd |
| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url |
| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd |
| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] |
| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] |
| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] |
| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] |
| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] |
| execSeries.js:14:24:14:30 | command | semmle.label | command |
| execSeries.js:14:41:14:47 | command | semmle.label | command |
| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd |
| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) |
| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url |
| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] |
| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd |
| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname |
| form-parsers.js:9:19:9:26 | req.file | semmle.label | req.file |
| form-parsers.js:13:3:13:11 | req.files | semmle.label | req.files |
| form-parsers.js:13:21:13:24 | file | semmle.label | file |
| form-parsers.js:14:10:14:37 | "touch ... nalname | semmle.label | "touch ... nalname |
| form-parsers.js:14:21:14:24 | file | semmle.label | file |
| form-parsers.js:24:48:24:55 | filename | semmle.label | filename |
| form-parsers.js:25:10:25:28 | "touch " + filename | semmle.label | "touch " + filename |
| form-parsers.js:25:21:25:28 | filename | semmle.label | filename |
| form-parsers.js:35:25:35:30 | fields | semmle.label | fields |
| form-parsers.js:36:10:36:31 | "touch ... ds.name | semmle.label | "touch ... ds.name |
| form-parsers.js:36:21:36:26 | fields | semmle.label | fields |
| form-parsers.js:40:26:40:31 | fields | semmle.label | fields |
| form-parsers.js:41:10:41:31 | "touch ... ds.name | semmle.label | "touch ... ds.name |
| form-parsers.js:41:21:41:26 | fields | semmle.label | fields |
| form-parsers.js:52:34:52:39 | fields | semmle.label | fields |
| form-parsers.js:53:10:53:31 | "touch ... ds.name | semmle.label | "touch ... ds.name |
| form-parsers.js:53:21:53:26 | fields | semmle.label | fields |
| form-parsers.js:58:30:58:33 | part | semmle.label | part |
| form-parsers.js:59:10:59:33 | "touch ... ilename | semmle.label | "touch ... ilename |
| form-parsers.js:59:21:59:24 | part | semmle.label | part |
| other.js:5:9:5:49 | cmd | semmle.label | cmd |
| other.js:5:15:5:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| other.js:5:25:5:31 | req.url | semmle.label | req.url |
| other.js:7:33:7:35 | cmd | semmle.label | cmd |
| other.js:8:28:8:30 | cmd | semmle.label | cmd |
| other.js:9:32:9:34 | cmd | semmle.label | cmd |
| other.js:10:29:10:31 | cmd | semmle.label | cmd |
| other.js:11:29:11:31 | cmd | semmle.label | cmd |
| other.js:12:27:12:29 | cmd | semmle.label | cmd |
| other.js:14:28:14:30 | cmd | semmle.label | cmd |
| other.js:15:34:15:36 | cmd | semmle.label | cmd |
| other.js:16:21:16:23 | cmd | semmle.label | cmd |
| other.js:17:27:17:29 | cmd | semmle.label | cmd |
| other.js:18:22:18:24 | cmd | semmle.label | cmd |
| other.js:19:36:19:38 | cmd | semmle.label | cmd |
| other.js:22:21:22:23 | cmd | semmle.label | cmd |
| other.js:23:28:23:30 | cmd | semmle.label | cmd |
| other.js:26:34:26:36 | cmd | semmle.label | cmd |
| other.js:28:27:28:29 | cmd | semmle.label | cmd |
| other.js:30:33:30:35 | cmd | semmle.label | cmd |
| other.js:34:44:34:46 | cmd | semmle.label | cmd |
| third-party-command-injection.js:5:20:5:26 | command | semmle.label | command |
| third-party-command-injection.js:6:21:6:27 | command | semmle.label | command |
subpaths
#select
| actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value |
| actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value |
@@ -385,6 +229,7 @@ edges
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value |


@@ -1,12 +1,12 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection
import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection
import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment
import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery as UnsafeShellCommandConstruction
import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery as SecondOrderCommandInjectionQuery
class CommandInjectionConsistency extends ConsistencyConfiguration {
deprecated class CommandInjectionConsistency extends ConsistencyConfiguration {
CommandInjectionConsistency() { this = "ComandInjection" }
override File getAFile() { not result.getBaseName() = "uselesscat.js" }
@@ -14,7 +14,7 @@ class CommandInjectionConsistency extends ConsistencyConfiguration {
import semmle.javascript.security.UselessUseOfCat
class UselessCatConsistency extends ConsistencyConfiguration {
deprecated class UselessCatConsistency extends ConsistencyConfiguration {
UselessCatConsistency() { this = "Cat" }
override DataFlow::Node getAnAlert() { result instanceof UselessCat }
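Review bot: The `deprecated` annotations added to the `utils.test.ConsistencyChecking` import and to `CommandInjectionConsistency` and `UselessCatConsistency` carry no comment saying why test-only classes are deprecated or what should replace them. If, as it appears, they are there only because the imported consistency library is itself deprecated, a line above the import such as `// deprecated: depends on utils.test.ConsistencyChecking; drop these annotations once the test no longer uses it` would keep the next maintainer from reading them as dead code. Separately, the configuration name in the first hunk's context lines is spelled `"ComandInjection"`; if nothing matches on that string, `this = "CommandInjection"` would be the consistent spelling. Both class bodies continue outside the hunks.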


@@ -1,427 +1,296 @@
nodes
| actions.js:4:6:4:16 | process.env |
| actions.js:4:6:4:16 | process.env |
| actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:7:15:7:15 | e |
| actions.js:8:10:8:10 | e |
| actions.js:8:10:8:23 | e['TEST_DATA'] |
| actions.js:8:10:8:23 | e['TEST_DATA'] |
| actions.js:12:6:12:16 | process.env |
| actions.js:12:6:12:16 | process.env |
| actions.js:14:6:14:21 | getInput('data') |
| actions.js:14:6:14:21 | getInput('data') |
| actions.js:14:6:14:21 | getInput('data') |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:10:6:10:33 | args |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:11:14:11:17 | args |
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:26:12:29 | args |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs |
| command-line-parameter-command-injection.js:14:18:14:21 | args |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs |
| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] |
| command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:35 | args |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() |
| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo |
| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv |
| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo |
| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv |
| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo |
| command-line-parameter-command-injection.js:36:6:39:7 | args |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv |
| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:41:22:41:25 | args |
| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo |
| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() |
| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo |
| command-line-parameter-command-injection.js:47:8:53:12 | args |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} |
| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} |
| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:55:22:55:25 | args |
| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv |
| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() |
| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest |
| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest |
| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} |
| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} |
| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} |
| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} |
| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 |
| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 |
| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest |
| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest |
| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest |
| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest |
| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest |
| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest |
| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} |
| command-line-parameter-command-injection.js:68:6:68:40 | taint3 |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv |
| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 |
| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 |
| command-line-parameter-command-injection.js:69:22:69:27 | taint3 |
| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] |
| command-line-parameter-command-injection.js:71:6:71:40 | taint4 |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv |
| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 |
| command-line-parameter-command-injection.js:76:8:76:35 | argv |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) |
| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo |
| command-line-parameter-command-injection.js:79:31:79:34 | argv |
| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) |
| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) |
| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) |
| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) |
| command-line-parameter-command-injection.js:88:6:88:37 | flags |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv |
| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:89:22:89:26 | flags |
| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo |
| command-line-parameter-command-injection.js:91:6:91:38 | flags |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) |
| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:92:22:92:26 | flags |
| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo |
| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo |
| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() |
| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo |
| command-line-parameter-command-injection.js:107:8:107:51 | options |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) |
| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:22:108:28 | options |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo |
| command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:22:116:24 | cli |
| command-line-parameter-command-injection.js:116:22:116:30 | cli.input |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] |
| command-line-parameter-command-injection.js:122:6:122:46 | opts |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) |
| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:124:22:124:25 | opts |
| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo |
| command-line-parameter-command-injection.js:127:6:127:26 | opts |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() |
| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:129:22:129:25 | opts |
| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo |
| command-line-parameter-command-injection.js:133:8:133:41 | program |
| command-line-parameter-command-injection.js:133:10:133:16 | program |
| command-line-parameter-command-injection.js:133:10:133:16 | program |
| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType |
| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:28 | program |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType |
| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType |
| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType |
edges
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] |
| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e |
| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] |
| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] |
| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e |
| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e |
| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args |
| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] |
| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:26:12:32 | args[0] |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs |
| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args |
| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:32:26:38 | args[0] |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo |
| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args |
| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo |
| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo |
| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo |
| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} |
| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args |
| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args |
| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 |
| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 |
| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest |
| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest |
| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} |
| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest |
| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} |
| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest |
| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} |
| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} |
| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest |
| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest |
| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest |
| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest |
| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 |
| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} |
| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 |
| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 |
| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 |
| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo |
| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo |
| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo |
| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) |
| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) |
| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:22:89:30 | flags.foo |
| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags |
| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:22:92:30 | flags.foo |
| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo |
| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo |
| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo |
| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options |
| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:22:108:32 | options.foo |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli |
| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:22:116:30 | cli.input |
| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts |
| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:22:124:29 | opts.foo |
| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts |
| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:22:129:29 | opts.foo |
| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program |
| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program |
| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType |
| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | provenance | |
| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | provenance | |
| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | provenance | |
| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | provenance | |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | provenance | |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | |
| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | |
| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | |
| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | provenance | |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | |
| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | |
| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | provenance | |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | provenance | |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | provenance | |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | provenance | |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | provenance | |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | |
| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | provenance | |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | |
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | provenance | |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | provenance | |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | provenance | |
| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | provenance | |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | provenance | |
| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | provenance | |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | provenance | |
| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | provenance | |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | provenance | |
| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | provenance | |
| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | provenance | |
| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | provenance | |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | provenance | |
| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | provenance | |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | provenance | |
| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | provenance | |
| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | provenance | |
| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | provenance | |
| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | provenance | |
| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | provenance | |
| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | provenance | |
| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | provenance | |
| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | provenance | |
| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | provenance | |
| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | provenance | |
| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | provenance | |
| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | provenance | |
| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | provenance | |
| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | provenance | |
| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | provenance | |
| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | provenance | |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | provenance | |
| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | provenance | |
| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | provenance | |
| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | provenance | |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | provenance | |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | provenance | |
| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | provenance | |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | |
| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | |
| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | |
| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | provenance | |
| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | provenance | |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | provenance | |
| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | provenance | |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | provenance | |
| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | provenance | |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | provenance | |
| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | provenance | |
| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | provenance | |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | provenance | |
| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | provenance | |
| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | provenance | |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | provenance | |
| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | provenance | |
| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | provenance | |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | provenance | |
| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | provenance | |
| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | provenance | |
| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | provenance | |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | provenance | |
nodes
| actions.js:4:6:4:16 | process.env | semmle.label | process.env |
| actions.js:4:6:4:29 | process ... _DATA'] | semmle.label | process ... _DATA'] |
| actions.js:7:15:7:15 | e | semmle.label | e |
| actions.js:8:10:8:10 | e | semmle.label | e |
| actions.js:8:10:8:23 | e['TEST_DATA'] | semmle.label | e['TEST_DATA'] |
| actions.js:12:6:12:16 | process.env | semmle.label | process.env |
| actions.js:14:6:14:21 | getInput('data') | semmle.label | getInput('data') |
| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | semmle.label | "cmd.sh ... argv[2] |
| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:10:6:10:33 | args | semmle.label | args |
| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:11:14:11:17 | args | semmle.label | args |
| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | semmle.label | args[0] |
| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | semmle.label | "cmd.sh " + args[0] |
| command-line-parameter-command-injection.js:12:26:12:29 | args | semmle.label | args |
| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | semmle.label | args[0] |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | semmle.label | fewerArgs |
| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
| command-line-parameter-command-injection.js:14:18:14:21 | args | semmle.label | args |
| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | semmle.label | args.slice(1) |
| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | semmle.label | args.slice(1) [ArrayElement] |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | semmle.label | fewerArgs |
| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | semmle.label | fewerArgs[0] |
| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | semmle.label | "cmd.sh ... Args[0] |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | semmle.label | fewerArgs |
| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | semmle.label | fewerArgs[0] |
| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | semmle.label | arg0 |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | semmle.label | fewerArgs |
| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] |
| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | semmle.label | fewerArgs[0] |
| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | semmle.label | arg0 |
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | semmle.label | args[0] |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | semmle.label | args.join(' ') |
| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | semmle.label | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | semmle.label | require ... rgs")() |
| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | semmle.label | require ... ").argv |
| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo |
| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | semmle.label | require ... ").argv |
| command-line-parameter-command-injection.js:36:6:39:7 | args | semmle.label | args |
| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | semmle.label | require ... \\t\\t.argv |
| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args |
| command-line-parameter-command-injection.js:41:22:41:25 | args | semmle.label | args |
| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | semmle.label | "cmd.sh ... e().foo |
| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | semmle.label | require ... parse() |
| command-line-parameter-command-injection.js:47:8:53:12 | args | semmle.label | args |
| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | semmle.label | argv: { ... rgs\\n\\t\\t} |
| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | semmle.label | {\\n\\t\\t\\t...args\\n\\t\\t} |
| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args |
| command-line-parameter-command-injection.js:55:22:55:25 | args | semmle.label | args |
| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | semmle.label | tainted1 |
| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | semmle.label | require ... ').argv |
| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | semmle.label | tainted2 |
| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | semmle.label | require ... parse() |
| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | semmle.label | {taint1 ... 2rest}} [taint1] |
| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | semmle.label | {taint1 ... 2rest}} [taint2] |
| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | semmle.label | taint1rest |
| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | semmle.label | taint2rest |
| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | semmle.label | taint1: ... t1rest} |
| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | semmle.label | {...taint1rest} |
| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | semmle.label | taint2: ... t2rest} |
| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | semmle.label | {...taint2rest} |
| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] |
| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] |
| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | semmle.label | tainted1 |
| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | semmle.label | tainted2 |
| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | semmle.label | "cmd.sh ... nt1rest |
| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | semmle.label | taint1rest |
| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | semmle.label | "cmd.sh ... nt2rest |
| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | semmle.label | taint2rest |
| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | semmle.label | {...taint3} |
| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | semmle.label | taint3 |
| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | semmle.label | require ... ').argv |
| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | semmle.label | "cmd.sh " + taint3 |
| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | semmle.label | taint3 |
| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | semmle.label | [...taint4] |
| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | semmle.label | taint4 |
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | semmle.label | require ... ').argv |
| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | semmle.label | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | semmle.label | taint4 |
| command-line-parameter-command-injection.js:76:8:76:35 | argv | semmle.label | argv |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | semmle.label | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | semmle.label | minimist(argv) |
| command-line-parameter-command-injection.js:79:31:79:34 | argv | semmle.label | argv |
| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | semmle.label | subarg( ... ice(2)) |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | semmle.label | yargsPa ... ice(2)) |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:88:6:88:37 | flags | semmle.label | flags |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | semmle.label | args.pa ... s.argv) |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:89:22:89:26 | flags | semmle.label | flags |
| command-line-parameter-command-injection.js:91:6:91:38 | flags | semmle.label | flags |
| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | semmle.label | require ... .spec}) |
| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo |
| command-line-parameter-command-injection.js:92:22:92:26 | flags | semmle.label | flags |
| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | semmle.label | "cmd.sh ... s().foo |
| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | semmle.label | parser.parse_args() |
| command-line-parameter-command-injection.js:107:8:107:51 | options | semmle.label | options |
| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | semmle.label | command ... itions) |
| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | semmle.label | "cmd.sh ... ons.foo |
| command-line-parameter-command-injection.js:108:22:108:28 | options | semmle.label | options |
| command-line-parameter-command-injection.js:114:8:114:52 | cli | semmle.label | cli |
| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | semmle.label | meow(`h ... lags}}) |
| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | semmle.label | "cmd.sh ... nput[0] |
| command-line-parameter-command-injection.js:116:22:116:24 | cli | semmle.label | cli |
| command-line-parameter-command-injection.js:122:6:122:46 | opts | semmle.label | opts |
| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | semmle.label | dashdas ... tions}) |
| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:124:22:124:25 | opts | semmle.label | opts |
| command-line-parameter-command-injection.js:127:6:127:26 | opts | semmle.label | opts |
| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | semmle.label | parser.parse() |
| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo |
| command-line-parameter-command-injection.js:129:22:129:25 | opts | semmle.label | opts |
| command-line-parameter-command-injection.js:133:8:133:41 | program | semmle.label | program |
| command-line-parameter-command-injection.js:133:10:133:16 | program | semmle.label | program |
| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | semmle.label | program.opts() |
| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | semmle.label | program ... zzaType |
| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:137:22:137:28 | program | semmle.label | program |
| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | semmle.label | program.pizzaType |
| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | semmle.label | program.opts() |
| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | semmle.label | program ... zzaType |
| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType |
| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | semmle.label | program.pizzaType |
subpaths
#select
| actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable |
| actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable |


@@ -1,51 +1,26 @@
nodes
| second-order.js:6:9:6:33 | remote |
| second-order.js:6:18:6:33 | req.query.remote |
| second-order.js:6:18:6:33 | req.query.remote |
| second-order.js:7:33:7:38 | remote |
| second-order.js:7:33:7:38 | remote |
| second-order.js:9:29:9:34 | remote |
| second-order.js:9:29:9:34 | remote |
| second-order.js:11:33:11:38 | remote |
| second-order.js:11:33:11:38 | remote |
| second-order.js:13:9:13:31 | myArgs |
| second-order.js:13:18:13:31 | req.query.args |
| second-order.js:13:18:13:31 | req.query.args |
| second-order.js:15:19:15:24 | myArgs |
| second-order.js:15:19:15:24 | myArgs |
| second-order.js:26:35:26:40 | remote |
| second-order.js:26:35:26:40 | remote |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:29:19:29:32 | req.query.args |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:44:18:44:31 | req.query.args |
| second-order.js:44:18:44:31 | req.query.args |
| second-order.js:44:18:44:31 | req.query.args |
| second-order.js:6:9:6:33 | remote | semmle.label | remote |
| second-order.js:6:18:6:33 | req.query.remote | semmle.label | req.query.remote |
| second-order.js:7:33:7:38 | remote | semmle.label | remote |
| second-order.js:9:29:9:34 | remote | semmle.label | remote |
| second-order.js:11:33:11:38 | remote | semmle.label | remote |
| second-order.js:13:9:13:31 | myArgs | semmle.label | myArgs |
| second-order.js:13:18:13:31 | req.query.args | semmle.label | req.query.args |
| second-order.js:15:19:15:24 | myArgs | semmle.label | myArgs |
| second-order.js:26:35:26:40 | remote | semmle.label | remote |
| second-order.js:29:19:29:32 | req.query.args | semmle.label | req.query.args |
| second-order.js:40:28:40:43 | req.query.remote | semmle.label | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote |
| second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args |
edges
| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote |
| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote |
| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote |
| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote |
| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs |
| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs |
| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs |
| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs |
| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args |
| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote |
| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote |
| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args |
| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | |
| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | |
| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | |
| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | |
| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | |
| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | |
| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | |
subpaths
#select
| second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |
| second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value |


@@ -1,32 +1,21 @@
nodes
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname |
edges
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | provenance | |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | provenance | |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | provenance | |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | provenance | |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | provenance | |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | provenance | |
nodes
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | semmle.label | __dirname |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | semmle.label | __dirname |
| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") |
| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | semmle.label | path.jo ... "temp") |
| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | semmle.label | __dirname |
subpaths
#select
| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path |
| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path |


@@ -250,7 +250,7 @@ module.exports.goodSanitizer = function (name) {
var cleaned = cleanInput(name);
cp.exec("rm -rf " + cleaned); // OK
cp.exec("rm -rf " + cleaned); // OK - But FP due to SanitizingRegExpTest not being able to generate a barrier edge for an edge into a phi node.
}
var fs = require("fs");
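Review bot: The new comment on `cp.exec("rm -rf " + cleaned)` accepts an alert on a value that has already passed through `cleanInput`, but gives a later reader no way to find this spot again once the barrier handling improves. I would keep the expectation and the explanation apart and point at a tracking item, for example `// OK - but flagged (FP): SanitizingRegExpTest cannot generate a barrier edge into a phi node; see <tracking-issue placeholder>`. `goodSanitizer` begins above the hunk and `cleanInput` is defined outside it, so whether the sanitizer itself is sound cannot be checked from here. An accepted false positive on a command-injection sink is worth revisiting, because noise of this kind teaches users to dismiss the alert.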


@@ -1,3 +1,9 @@
import javascript
import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.DomBasedXssQuery as DomXss
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.DomBasedXssQuery
deprecated class ConsistencyConfig extends ConsistencyConfiguration {
ConsistencyConfig() { this = "ConsistencyConfig" }
override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) }
}
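Review bot: `ConsistencyConfig` is introduced already marked `deprecated`, alongside `deprecated import utils.test.ConsistencyChecking`, and neither carries a comment saying why it is deprecated or what replaces it. A short QLDoc above the class would fix that, e.g. `/** Deprecated: <reason and replacement>. */`, filled in with the actual plan, which the hunk does not show. The same comment could note that `getAnAlert` returns every node reached by `DomBasedXssFlow::flow(_, result)`, so this check pins sinks only and not which source reaches them.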


@@ -13,11 +13,13 @@
import javascript
import semmle.javascript.security.dataflow.DomBasedXssQuery
import DataFlow::PathGraph
import DataFlow::DeduplicatePathGraph<DomBasedXssFlow::PathNode, DomBasedXssFlow::PathGraph>
import semmle.javascript.heuristics.AdditionalSources
from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource
from PathNode source, PathNode sink
where
DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and
source.getNode() instanceof HeuristicSource
select sink.getNode(), source, sink,
sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
"user-provided value"


@@ -0,0 +1,13 @@
import 'dummy';
function foo(x, y, z) {
arguments; // ensure 'arguments' are used
document.writeln(x); // OK
document.writeln(y); // NOT OK
document.writeln(z); // OK
}
function bar() {
const url = window.location.href;
foo('safe', url, 'safe');
}
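Review bot: The new test mentions `arguments` in `foo` but never reads a value through it, so it only pins that naming `arguments` does not spread taint from `y` onto `x` and `z`. A companion case that writes the tainted value through the object, e.g. `document.writeln(arguments[1]); // NOT OK`, would pin the other direction as well. Whether the analysis reports that today is not visible here, so the expectation may need adjusting. The `import 'dummy';` line also deserves a one-line comment stating its purpose, presumably to make the file parse as a module.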


@@ -373,7 +373,7 @@ function test() {
// NOT OK
$('myId').html(target)
// OK
// OK - but only safe because contents are URI-encoded
$('myid').html(document.location.href.split("?")[0]);
}
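Review bot: The new comment on `$('myid').html(document.location.href.split("?")[0])` says the sink is safe because the contents are URI-encoded, but it does not say what does the encoding. Nothing on that line encodes anything; the safety rests on the browser having percent-encoded `location.href`, and when the URL has no `?` the prefix kept by `split` still contains the fragment. I would spell that out, e.g. `// OK - no sanitizer here; relies on the browser percent-encoding location.href (fragment included when there is no '?')`. `test()` starts above the hunk, so the other uses of `target` cannot be checked from here.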


@@ -1,3 +1,3 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss


@@ -1,177 +1,167 @@
nodes
| ajv.js:11:18:11:33 | ajv.errorsText() |
| ajv.js:11:18:11:33 | ajv.errorsText() |
| ajv.js:11:18:11:33 | ajv.errorsText() |
| ajv.js:24:18:24:26 | val.error |
| ajv.js:24:18:24:26 | val.error |
| ajv.js:24:18:24:26 | val.error |
| exception-xss.js:2:6:2:28 | foo |
| exception-xss.js:2:12:2:28 | document.location |
| exception-xss.js:2:12:2:28 | document.location |
| exception-xss.js:9:11:9:13 | foo |
| exception-xss.js:10:11:10:11 | e |
| exception-xss.js:11:18:11:18 | e |
| exception-xss.js:11:18:11:18 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:15:9:15:11 | foo |
| exception-xss.js:16:11:16:11 | e |
| exception-xss.js:17:18:17:18 | e |
| exception-xss.js:17:18:17:18 | e |
| exception-xss.js:21:11:21:13 | foo |
| exception-xss.js:21:11:21:21 | foo + "bar" |
| exception-xss.js:22:11:22:11 | e |
| exception-xss.js:23:18:23:18 | e |
| exception-xss.js:23:18:23:18 | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] |
| exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:34:11:34:11 | e |
| exception-xss.js:35:18:35:18 | e |
| exception-xss.js:35:18:35:18 | e |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:8:46:18 | "bar" + foo |
| exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:47:11:47:11 | e |
| exception-xss.js:48:18:48:18 | e |
| exception-xss.js:48:18:48:18 | e |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:81:16:81:18 | foo |
| exception-xss.js:82:11:82:11 | e |
| exception-xss.js:83:18:83:18 | e |
| exception-xss.js:83:18:83:18 | e |
| exception-xss.js:89:11:89:13 | foo |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) |
| exception-xss.js:90:11:90:11 | e |
| exception-xss.js:91:18:91:18 | e |
| exception-xss.js:91:18:91:18 | e |
| exception-xss.js:95:11:95:22 | [foo, "bar"] |
| exception-xss.js:95:12:95:14 | foo |
| exception-xss.js:96:11:96:11 | e |
| exception-xss.js:97:18:97:18 | e |
| exception-xss.js:97:18:97:18 | e |
| exception-xss.js:102:12:102:14 | foo |
| exception-xss.js:106:11:106:11 | e |
| exception-xss.js:107:18:107:18 | e |
| exception-xss.js:107:18:107:18 | e |
| exception-xss.js:117:11:117:23 | req.params.id |
| exception-xss.js:117:11:117:23 | req.params.id |
| exception-xss.js:118:11:118:11 | e |
| exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:28:119:28 | e |
| exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:125:45:125:68 | documen ... .search |
| exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:129:11:129:11 | e |
| exception-xss.js:130:18:130:18 | e |
| exception-xss.js:130:18:130:18 | e |
| exception-xss.js:136:10:136:22 | req.params.id |
| exception-xss.js:136:10:136:22 | req.params.id |
| exception-xss.js:136:26:136:30 | error |
| exception-xss.js:138:19:138:23 | error |
| exception-xss.js:138:19:138:23 | error |
| exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:146:12:146:35 | documen ... .search |
| exception-xss.js:148:33:148:35 | foo |
| exception-xss.js:148:55:148:55 | e |
| exception-xss.js:149:18:149:18 | e |
| exception-xss.js:149:18:149:18 | e |
| exception-xss.js:153:8:153:10 | foo |
| exception-xss.js:154:11:154:11 | e |
| exception-xss.js:155:18:155:18 | e |
| exception-xss.js:155:18:155:18 | e |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
| exception-xss.js:174:31:174:33 | foo |
| exception-xss.js:174:53:174:53 | e |
| exception-xss.js:175:18:175:18 | e |
| exception-xss.js:175:18:175:18 | e |
| exception-xss.js:180:10:180:22 | req.params.id |
| exception-xss.js:180:10:180:22 | req.params.id |
| exception-xss.js:180:26:180:30 | error |
| exception-xss.js:182:19:182:23 | error |
| exception-xss.js:182:19:182:23 | error |
| ajv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() |
| ajv.js:24:18:24:26 | val.error | semmle.label | val.error |
| exception-xss.js:2:6:2:28 | foo | semmle.label | foo |
| exception-xss.js:2:12:2:28 | document.location | semmle.label | document.location |
| exception-xss.js:4:17:4:17 | x | semmle.label | x |
| exception-xss.js:5:11:5:11 | x | semmle.label | x |
| exception-xss.js:9:11:9:13 | foo | semmle.label | foo |
| exception-xss.js:10:11:10:11 | e | semmle.label | e |
| exception-xss.js:11:18:11:18 | e | semmle.label | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | semmle.label | exceptional return of inner(foo) |
| exception-xss.js:15:9:15:11 | foo | semmle.label | foo |
| exception-xss.js:16:11:16:11 | e | semmle.label | e |
| exception-xss.js:17:18:17:18 | e | semmle.label | e |
| exception-xss.js:21:11:21:13 | foo | semmle.label | foo |
| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" |
| exception-xss.js:22:11:22:11 | e | semmle.label | e |
| exception-xss.js:23:18:23:18 | e | semmle.label | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | semmle.label | ["bar", foo] [1] |
| exception-xss.js:33:19:33:21 | foo | semmle.label | foo |
| exception-xss.js:34:11:34:11 | e | semmle.label | e |
| exception-xss.js:35:18:35:18 | e | semmle.label | e |
| exception-xss.js:38:16:38:16 | x | semmle.label | x |
| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | semmle.label | exceptional return of deep2(x) |
| exception-xss.js:39:9:39:9 | x | semmle.label | x |
| exception-xss.js:41:17:41:17 | x | semmle.label | x |
| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) |
| exception-xss.js:42:9:42:9 | x | semmle.label | x |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | semmle.label | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:8:46:18 | "bar" + foo | semmle.label | "bar" + foo |
| exception-xss.js:46:16:46:18 | foo | semmle.label | foo |
| exception-xss.js:47:11:47:11 | e | semmle.label | e |
| exception-xss.js:48:18:48:18 | e | semmle.label | e |
| exception-xss.js:74:28:74:28 | x | semmle.label | x |
| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) |
| exception-xss.js:75:10:75:10 | x | semmle.label | x |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | semmle.label | exceptional return of myWeirdInner(foo) |
| exception-xss.js:81:16:81:18 | foo | semmle.label | foo |
| exception-xss.js:82:11:82:11 | e | semmle.label | e |
| exception-xss.js:83:18:83:18 | e | semmle.label | e |
| exception-xss.js:89:11:89:13 | foo | semmle.label | foo |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) |
| exception-xss.js:90:11:90:11 | e | semmle.label | e |
| exception-xss.js:91:18:91:18 | e | semmle.label | e |
| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | semmle.label | [foo, "bar"] [0] |
| exception-xss.js:95:12:95:14 | foo | semmle.label | foo |
| exception-xss.js:96:11:96:11 | e | semmle.label | e |
| exception-xss.js:97:18:97:18 | e | semmle.label | e |
| exception-xss.js:102:12:102:14 | foo | semmle.label | foo |
| exception-xss.js:106:11:106:11 | e | semmle.label | e |
| exception-xss.js:107:18:107:18 | e | semmle.label | e |
| exception-xss.js:117:11:117:23 | req.params.id | semmle.label | req.params.id |
| exception-xss.js:118:11:118:11 | e | semmle.label | e |
| exception-xss.js:119:12:119:28 | "Exception: " + e | semmle.label | "Exception: " + e |
| exception-xss.js:119:28:119:28 | e | semmle.label | e |
| exception-xss.js:125:45:125:68 | documen ... .search | semmle.label | documen ... .search |
| exception-xss.js:128:11:128:52 | session ... ssion') | semmle.label | session ... ssion') |
| exception-xss.js:129:11:129:11 | e | semmle.label | e |
| exception-xss.js:130:18:130:18 | e | semmle.label | e |
| exception-xss.js:136:10:136:22 | req.params.id | semmle.label | req.params.id |
| exception-xss.js:136:26:136:30 | error | semmle.label | error |
| exception-xss.js:138:19:138:23 | error | semmle.label | error |
| exception-xss.js:146:6:146:35 | foo | semmle.label | foo |
| exception-xss.js:146:12:146:35 | documen ... .search | semmle.label | documen ... .search |
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] |
| exception-xss.js:148:33:148:35 | foo | semmle.label | foo |
| exception-xss.js:148:55:148:55 | e | semmle.label | e |
| exception-xss.js:149:18:149:18 | e | semmle.label | e |
| exception-xss.js:153:8:153:10 | foo | semmle.label | foo |
| exception-xss.js:154:11:154:11 | e | semmle.label | e |
| exception-xss.js:155:18:155:18 | e | semmle.label | e |
| exception-xss.js:170:17:170:23 | tainted | semmle.label | tainted |
| exception-xss.js:171:11:171:17 | tainted | semmle.label | tainted |
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | semmle.label | exceptional return of inner(foo, resolve) |
| exception-xss.js:174:31:174:33 | foo | semmle.label | foo |
| exception-xss.js:174:53:174:53 | e | semmle.label | e |
| exception-xss.js:175:18:175:18 | e | semmle.label | e |
| exception-xss.js:180:10:180:22 | req.params.id | semmle.label | req.params.id |
| exception-xss.js:180:26:180:30 | error | semmle.label | error |
| exception-xss.js:182:19:182:23 | error | semmle.label | error |
edges
| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() |
| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo |
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo |
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e |
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e |
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e |
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" |
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo |
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e |
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e |
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e |
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e |
| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e |
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e |
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e |
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e |
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') |
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e |
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error |
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo |
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e |
| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e |
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e |
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error |
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | provenance | |
| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | provenance | |
| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | provenance | |
| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | provenance | |
| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | provenance | Config |
| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | provenance | |
| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | provenance | |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | provenance | Config |
| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | provenance | |
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | provenance | |
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | provenance | Config |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | provenance | |
| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | exception-xss.js:34:11:34:11 | e | provenance | Config |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] [1] | provenance | |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | provenance | |
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | provenance | |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | provenance | Config |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | provenance | |
| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | provenance | |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | provenance | Config |
| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | provenance | |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | provenance | |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | provenance | Config |
| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | provenance | |
| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | provenance | |
| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | provenance | |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | provenance | |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | provenance | Config |
| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | provenance | |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | provenance | |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | provenance | Config |
| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | provenance | |
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | provenance | |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | provenance | Config |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | provenance | |
| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | exception-xss.js:96:11:96:11 | e | provenance | Config |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | provenance | |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | provenance | |
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | provenance | Config |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | provenance | |
| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | provenance | Config |
| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | provenance | |
| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | provenance | |
| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | provenance | |
| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e | provenance | Config |
| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | provenance | |
| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | provenance | Config |
| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | provenance | |
| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | provenance | |
| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | provenance | |
| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e | provenance | |
| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | provenance | Config |
| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | provenance | |
| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | provenance | Config |
| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | provenance | |
| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | provenance | |
| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e | provenance | |
| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | provenance | |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | provenance | |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | provenance | Config |
| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | provenance | |
| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | provenance | Config |
| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | provenance | |
subpaths
| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) |
| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) |
| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) |
| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) |
| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) |
| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) |
#select
| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error |
| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:24:18:24:26 | val.error | JSON schema validation error |


@@ -1,3 +1,3 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss
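Review bot: The `deprecated` annotation on `import utils.test.ConsistencyChecking` has no comment saying why the test still depends on that library or what it should move to. Presumably the library itself is now marked deprecated and the annotation only quiets the resulting warning; that is inferred, since the library is not shown on this page. A one-line comment above the import would record the intent, for example `// TODO: ConsistencyChecking is deprecated; port this test to its replacement and remove this import`. Because this file drives the ReflectedXss expected results, it is worth confirming that the consistency output for this test is still produced after the change.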


@@ -1,491 +1,348 @@
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:17:31:17:39 | params.id |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:32:14:32:21 | req.body |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body |
| ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:68:33:68:40 | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:72:48:72:55 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:20:74:27 | req.body |
| ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:85:23:85:30 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:100:31:100:38 | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:103:76:103:83 | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id |
| ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:12:11:19 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:4:21:4:27 | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted |
| live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:10:21:10:27 | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst2.js:8:12:8:12 | r |
| tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:14:9:14:9 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:18:12:18:12 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:21:14:21:14 | p |
| tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:30:9:30:9 | p |
| tst2.js:33:11:33:11 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:36:12:36:12 | p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:43:9:43:9 | p |
| tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:72:11:72:11 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:6:12:6:12 | p |
| tst3.js:11:9:11:74 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:11:32:11:39 | reg.body |
| tst3.js:12:12:12:15 | code |
| tst3.js:12:12:12:15 | code |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable |
| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) |
| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f |
| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) |
| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray |
| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray |
| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... : keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` |
| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) |
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | |
| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | |
| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | provenance | |
| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | |
| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | |
| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | |
| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | |
| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | provenance | |
| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | |
| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | |
| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | |
| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | |
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | |
| ReflectedXss.js:118:11:118:61 | keyArray [0] | ReflectedXss.js:119:25:119:32 | keyArray [0] | provenance | |
| ReflectedXss.js:118:49:118:54 | [keys] [0] | ReflectedXss.js:118:11:118:61 | keyArray [0] | provenance | |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] [0] | provenance | |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | |
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | ReflectedXss.js:122:33:122:43 | invalidKeys [0] | provenance | |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | |
| ReflectedXss.js:119:25:119:32 | keyArray [0] | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | provenance | |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | ReflectedXss.js:119:11:119:72 | invalidKeys [0] | provenance | |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | provenance | |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | ReflectedXssGood3.js:108:10:108:14 | parts [0] | provenance | |
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | ReflectedXssGood3.js:77:7:77:37 | parts [0] | provenance | |
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | provenance | |
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts [0] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | provenance | |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | provenance | |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | provenance | |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | provenance | |
| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | provenance | |
| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | provenance | |
| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | `<html> ... /html>` | provenance | |
| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | provenance | |
| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | provenance | |
| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | `<html> ... /html>` | provenance | |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | provenance | |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | provenance | |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | provenance | |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | provenance | |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | provenance | |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | provenance | |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | provenance | |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | provenance | |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | provenance | |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | provenance | |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | provenance | |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | provenance | |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x | provenance | |
| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | provenance | |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | provenance | |
| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | provenance | |
| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | provenance | |
| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | provenance | |
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | |
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | |
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | |
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | |
| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | |
| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | |
| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | |
| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | provenance | |
| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | provenance | |
| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | provenance | |
| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | provenance | |
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | provenance | |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | provenance | |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | provenance | |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | |
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | |
| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | |
| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | |
| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | |
| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | provenance | |
| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | provenance | |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | |
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | |
| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | |
| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | provenance | |
| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | provenance | |
| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | provenance | |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | |
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | |
| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | |
| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | |
| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | provenance | |
| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | provenance | |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | provenance | |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | provenance | |
| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | provenance | |
| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | |
| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | |
nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id |
| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id |
| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:64:39:64:42 | file | semmle.label | file |
| ReflectedXss.js:65:16:65:19 | file | semmle.label | file |
| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) |
| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() |
| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body |
| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) |
| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString |
| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body |
| ReflectedXss.js:74:34:74:34 | f | semmle.label | f |
| ReflectedXss.js:75:14:75:14 | f | semmle.label | f |
| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) |
| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body |
| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) |
| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body |
| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body |
| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body |
| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) |
| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body |
| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p |
| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys |
| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys |
| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys |
| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:118:11:118:61 | keyArray [0] | semmle.label | keyArray [0] |
| ReflectedXss.js:118:49:118:54 | [keys] [0] | semmle.label | [keys] [0] |
| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys |
| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | semmle.label | invalidKeys [0] |
| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:119:25:119:32 | keyArray [0] | semmle.label | keyArray [0] |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | semmle.label | keyArra ... s(key)) [0] |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | semmle.label | invalidKeys [0] |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id |
| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | semmle.label | parts [0] |
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | semmle.label | [value. ... (0, i)] [0] |
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | semmle.label | [post update] parts [ArrayElement] |
| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) |
| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts |
| ReflectedXssGood3.js:108:10:108:14 | parts [0] | semmle.label | parts [0] |
| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | semmle.label | parts [ArrayElement] |
| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') |
| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) |
| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url |
| etherpad.js:9:5:9:53 | response | semmle.label | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp |
| etherpad.js:11:12:11:19 | response | semmle.label | response |
| formatting.js:4:9:4:29 | evil | semmle.label | evil |
| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil | semmle.label | evil |
| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) |
| formatting.js:7:49:7:52 | evil | semmle.label | evil |
| live-server.js:4:11:4:27 | tainted | semmle.label | tainted |
| live-server.js:4:21:4:27 | req.url | semmle.label | req.url |
| live-server.js:6:13:6:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:6:28:6:34 | tainted | semmle.label | tainted |
| live-server.js:10:11:10:27 | tainted | semmle.label | tainted |
| live-server.js:10:21:10:27 | req.url | semmle.label | req.url |
| live-server.js:12:13:12:50 | `<html> ... /html>` | semmle.label | `<html> ... /html>` |
| live-server.js:12:28:12:34 | tainted | semmle.label | tainted |
| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url |
| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url |
| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url |
| partial.js:9:25:9:25 | x | semmle.label | x |
| partial.js:10:14:10:14 | x | semmle.label | x |
| partial.js:10:14:10:18 | x + y | semmle.label | x + y |
| partial.js:13:42:13:48 | req.url | semmle.label | req.url |
| partial.js:18:25:18:25 | x | semmle.label | x |
| partial.js:19:14:19:14 | x | semmle.label | x |
| partial.js:19:14:19:18 | x + y | semmle.label | x + y |
| partial.js:22:51:22:57 | req.url | semmle.label | req.url |
| partial.js:27:25:27:25 | x | semmle.label | x |
| partial.js:28:14:28:14 | x | semmle.label | x |
| partial.js:28:14:28:18 | x + y | semmle.label | x + y |
| partial.js:31:47:31:53 | req.url | semmle.label | req.url |
| partial.js:36:25:36:25 | x | semmle.label | x |
| partial.js:37:14:37:14 | x | semmle.label | x |
| partial.js:37:14:37:18 | x + y | semmle.label | x + y |
| partial.js:40:43:40:49 | req.url | semmle.label | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... .data)) [PromiseValue] |
| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | semmle.label | resolve [Return] [resolve-value] |
| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] |
| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data |
| promises.js:6:11:6:11 | x | semmle.label | x |
| promises.js:6:25:6:25 | x | semmle.label | x |
| tst2.js:6:7:6:30 | p | semmle.label | p |
| tst2.js:6:7:6:30 | r | semmle.label | r |
| tst2.js:6:9:6:9 | p | semmle.label | p |
| tst2.js:6:12:6:15 | q: r | semmle.label | q: r |
| tst2.js:7:12:7:12 | p | semmle.label | p |
| tst2.js:8:12:8:12 | r | semmle.label | r |
| tst2.js:14:7:14:24 | p | semmle.label | p |
| tst2.js:14:9:14:9 | p | semmle.label | p |
| tst2.js:18:12:18:12 | p | semmle.label | p |
| tst2.js:21:14:21:14 | p | semmle.label | p |
| tst2.js:30:7:30:24 | p | semmle.label | p |
| tst2.js:30:9:30:9 | p | semmle.label | p |
| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:33:11:33:11 | p | semmle.label | p |
| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] |
| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] |
| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] |
| tst2.js:36:12:36:12 | p | semmle.label | p |
| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] |
| tst2.js:37:12:37:18 | other.p | semmle.label | other.p |
| tst2.js:43:7:43:24 | p | semmle.label | p |
| tst2.js:43:9:43:9 | p | semmle.label | p |
| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... true}) |
| tst2.js:49:36:49:36 | p | semmle.label | p |
| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe |
| tst2.js:57:7:57:24 | p | semmle.label | p |
| tst2.js:57:9:57:9 | p | semmle.label | p |
| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:60:11:60:11 | p | semmle.label | p |
| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] |
| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] |
| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] |
| tst2.js:63:12:63:12 | p | semmle.label | p |
| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] |
| tst2.js:64:12:64:18 | other.p | semmle.label | other.p |
| tst2.js:69:7:69:24 | p | semmle.label | p |
| tst2.js:69:9:69:9 | p | semmle.label | p |
| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:72:11:72:11 | p | semmle.label | p |
| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] |
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... e(obj)) [p] |
| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] |
| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] |
| tst2.js:75:12:75:12 | p | semmle.label | p |
| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] |
| tst2.js:76:12:76:18 | other.p | semmle.label | other.p |
| tst2.js:82:7:82:24 | p | semmle.label | p |
| tst2.js:82:9:82:9 | p | semmle.label | p |
| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
| tst2.js:85:11:85:11 | p | semmle.label | p |
| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] |
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] |
| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] |
| tst2.js:88:12:88:12 | p | semmle.label | p |
| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] |
| tst2.js:89:12:89:18 | other.p | semmle.label | other.p |
| tst3.js:5:7:5:24 | p | semmle.label | p |
| tst3.js:5:9:5:9 | p | semmle.label | p |
| tst3.js:6:12:6:12 | p | semmle.label | p |
| tst3.js:11:9:11:74 | code | semmle.label | code |
| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) |
| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body |
| tst3.js:12:12:12:15 | code | semmle.label | code |
subpaths
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) |
#select
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value |
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |


@@ -31,7 +31,7 @@ app.get('/user/:id', function(req, res) {
['Name', 'Content'],
['body', req.body]
]);
res.send(mytable); // NOT OK
res.send(mytable); // NOT OK - FIXME: only works in OLD dataflow, add implicit reads before library-contributed taint steps
});
var showdown = require('showdown');
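Review bot: The FIXME added on `res.send(mytable)` does not say what is lost: this line is still marked NOT OK, yet "only works in OLD dataflow" means the new analysis no longer reports `req.body` reaching `res.send` through the array built above it. The expected-output hunk `@@ -3,7 +3,6 @@` further down appears to drop the `ReflectedXss.js:34` row to match, so this looks like an accepted false negative in reflected-XSS coverage rather than a pending test failure. I would word the comment that way, e.g. `res.send(mytable); // NOT OK - FIXME: missed alert (false negative) with the new dataflow; needs implicit reads before library-contributed taint steps`. The `app.get` handler starts above the hunk, so the call that builds `mytable` is not visible here.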


@@ -3,7 +3,6 @@
| ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |


@@ -3,18 +3,17 @@
//
import javascript
import semmle.javascript.security.dataflow.ReflectedXssQuery
private import semmle.javascript.security.dataflow.Xss::Shared as SharedXss
class IsVarNameSanitizer extends TaintTracking::AdditionalSanitizerGuardNode, DataFlow::CallNode {
class IsVarNameSanitizer extends SharedXss::BarrierGuard, DataFlow::CallNode {
IsVarNameSanitizer() { this.getCalleeName() = "isVarName" }
override predicate sanitizes(boolean outcome, Expr e) {
override predicate blocksExpr(boolean outcome, Expr e) {
outcome = true and
e = this.getArgument(0).asExpr()
}
override predicate appliesTo(TaintTracking::Configuration cfg) { cfg instanceof Configuration }
}
from Configuration xss, Source source, Sink sink
where xss.hasFlow(source, sink)
from Source source, Sink sink
where ReflectedXssFlow::flow(source, sink)
select sink, "Cross-site scripting vulnerability due to $@.", source, "user-provided value"
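Review bot: `IsVarNameSanitizer` has no QLDoc, and nothing in the class says how narrowly it is meant. The characteristic predicate matches any call whose callee name is `isVarName`, so `blocksExpr` treats the first argument as safe on the true branch whatever that function actually checks. That is acceptable in a test query, but a name-only barrier like this should be labelled so it is not copied into a production XSS query unnoticed. I would add above the class `/** Test-only barrier guard: a true result of a call named isVarName sanitizes its first argument; matched by callee name only. */`. With `appliesTo` removed, the guard's scope depends on which configurations consume `SharedXss::BarrierGuard`, which this hunk does not show.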


@@ -1,3 +1,3 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss


@@ -1,55 +1,105 @@
nodes
| xss-through-filenames.js:7:43:7:48 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-torrent.js:6:6:6:24 | name |
| xss-through-torrent.js:6:13:6:24 | torrent.name |
| xss-through-torrent.js:6:13:6:24 | torrent.name |
| xss-through-torrent.js:7:11:7:14 | name |
| xss-through-torrent.js:7:11:7:14 | name |
edges
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name |
| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name |
| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name |
| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | provenance | |
| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | provenance | |
| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | provenance | |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | |
| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | provenance | |
| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | provenance | |
nodes
| xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 |
| xss-through-filenames.js:17:21:17:26 | files2 | semmle.label | files2 |
| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] |
| xss-through-filenames.js:19:9:19:14 | files2 | semmle.label | files2 |
| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file |
| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 |
| xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | semmle.label | [post update] files3 [ArrayElement] |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | semmle.label | '<li>' ... '</li>' |
| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] |
| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') |
| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') |
| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 |
| xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 |
| xss-through-filenames.js:30:34:30:37 | file | semmle.label | file |
| xss-through-filenames.js:31:13:31:18 | [post update] files2 | semmle.label | [post update] files2 |
| xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | semmle.label | [post update] files2 [ArrayElement] |
| xss-through-filenames.js:31:25:31:28 | file | semmle.label | file |
| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] |
| xss-through-filenames.js:35:13:35:35 | files3 | semmle.label | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) | semmle.label | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 | semmle.label | files2 |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] |
| xss-through-filenames.js:37:19:37:24 | files3 | semmle.label | files3 |
| xss-through-torrent.js:6:6:6:24 | name | semmle.label | name |
| xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name |
| xss-through-torrent.js:7:11:7:14 | name | semmle.label | name |
subpaths
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) |
#select
| xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value |
| xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |


@@ -1,3 +1,3 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery as UnsafeHtmlConstruction


@@ -1,287 +1,111 @@
nodes
| jquery-plugin.js:11:27:11:31 | stuff |
| jquery-plugin.js:11:27:11:31 | stuff |
| jquery-plugin.js:11:34:11:40 | options |
| jquery-plugin.js:11:34:11:40 | options |
| jquery-plugin.js:11:34:11:40 | options |
| jquery-plugin.js:11:34:11:40 | options |
| jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:14:31:14:35 | stuff |
| lib2/index.ts:1:28:1:28 | s |
| lib2/index.ts:1:28:1:28 | s |
| lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:6:29:6:36 | settings |
| lib2/index.ts:6:29:6:36 | settings |
| lib2/index.ts:6:29:6:36 | settings |
| lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:13:9:13:41 | name |
| lib2/index.ts:13:16:13:23 | settings |
| lib2/index.ts:13:16:13:33 | settings.mySetting |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] |
| lib2/index.ts:13:16:13:41 | setting ... i].name |
| lib2/index.ts:18:62:18:65 | name |
| lib2/index.ts:18:62:18:65 | name |
| lib2/src/MyNode.ts:1:28:1:28 | s |
| lib2/src/MyNode.ts:1:28:1:28 | s |
| lib2/src/MyNode.ts:2:29:2:29 | s |
| lib2/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s |
| lib/src/MyNode.ts:1:28:1:28 | s |
| lib/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:2:29:2:29 | s |
| main.js:1:55:1:55 | s |
| main.js:1:55:1:55 | s |
| main.js:2:29:2:29 | s |
| main.js:2:29:2:29 | s |
| main.js:6:49:6:49 | s |
| main.js:6:49:6:49 | s |
| main.js:7:49:7:49 | s |
| main.js:7:49:7:49 | s |
| main.js:11:60:11:60 | s |
| main.js:11:60:11:60 | s |
| main.js:12:49:12:49 | s |
| main.js:12:49:12:49 | s |
| main.js:21:47:21:47 | s |
| main.js:21:47:21:47 | s |
| main.js:22:34:22:34 | s |
| main.js:22:34:22:34 | s |
| main.js:41:17:41:17 | s |
| main.js:42:21:42:21 | s |
| main.js:47:65:47:73 | this.step |
| main.js:47:65:47:73 | this.step |
| main.js:52:41:52:41 | s |
| main.js:52:41:52:41 | s |
| main.js:53:20:53:20 | s |
| main.js:56:28:56:34 | options |
| main.js:56:28:56:34 | options |
| main.js:56:28:56:34 | options |
| main.js:56:28:56:34 | options |
| main.js:57:11:59:5 | defaults |
| main.js:57:11:59:5 | defaults |
| main.js:57:11:59:5 | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:60:11:60:48 | settings |
| main.js:60:11:60:48 | settings |
| main.js:60:11:60:48 | settings |
| main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:31:60:38 | defaults |
| main.js:60:31:60:38 | defaults |
| main.js:60:31:60:38 | defaults |
| main.js:60:41:60:47 | options |
| main.js:60:41:60:47 | options |
| main.js:60:41:60:47 | options |
| main.js:62:19:62:26 | settings |
| main.js:62:19:62:26 | settings |
| main.js:62:19:62:26 | settings |
| main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:31 | settings.name |
| main.js:66:35:66:41 | attrVal |
| main.js:66:35:66:41 | attrVal |
| main.js:67:63:67:69 | attrVal |
| main.js:67:63:67:69 | attrVal |
| main.js:79:34:79:36 | val |
| main.js:79:34:79:36 | val |
| main.js:81:35:81:37 | val |
| main.js:81:35:81:37 | val |
| main.js:89:21:89:21 | x |
| main.js:90:23:90:23 | x |
| main.js:90:23:90:23 | x |
| main.js:93:43:93:43 | x |
| main.js:93:43:93:43 | x |
| main.js:94:31:94:31 | x |
| main.js:98:43:98:43 | x |
| main.js:98:43:98:43 | x |
| main.js:99:28:99:28 | x |
| main.js:99:28:99:28 | x |
| main.js:103:43:103:43 | x |
| main.js:103:43:103:43 | x |
| main.js:105:26:105:26 | x |
| main.js:105:26:105:26 | x |
| main.js:109:41:109:41 | x |
| main.js:109:41:109:41 | x |
| main.js:111:37:111:37 | x |
| main.js:111:37:111:37 | x |
| main.js:116:47:116:47 | s |
| main.js:116:47:116:47 | s |
| main.js:117:34:117:34 | s |
| main.js:117:34:117:34 | s |
| typed.ts:1:39:1:39 | s |
| typed.ts:1:39:1:39 | s |
| typed.ts:2:29:2:29 | s |
| typed.ts:2:29:2:29 | s |
| typed.ts:6:43:6:43 | s |
| typed.ts:6:43:6:43 | s |
| typed.ts:8:40:8:40 | s |
| typed.ts:8:40:8:40 | s |
| typed.ts:11:20:11:20 | s |
| typed.ts:11:20:11:20 | s |
| typed.ts:12:12:12:12 | s |
| typed.ts:16:11:16:21 | s |
| typed.ts:16:15:16:21 | id("x") |
| typed.ts:17:29:17:29 | s |
| typed.ts:17:29:17:29 | s |
| jquery-plugin.js:11:27:11:31 | stuff | semmle.label | stuff |
| jquery-plugin.js:11:34:11:40 | options | semmle.label | options |
| jquery-plugin.js:12:31:12:37 | options | semmle.label | options |
| jquery-plugin.js:12:31:12:41 | options.foo | semmle.label | options.foo |
| jquery-plugin.js:14:31:14:35 | stuff | semmle.label | stuff |
| lib2/index.ts:1:28:1:28 | s | semmle.label | s |
| lib2/index.ts:2:27:2:27 | s | semmle.label | s |
| lib2/index.ts:6:29:6:36 | settings | semmle.label | settings |
| lib2/index.ts:7:58:7:65 | settings | semmle.label | settings |
| lib2/index.ts:13:9:13:41 | name | semmle.label | name |
| lib2/index.ts:13:16:13:23 | settings | semmle.label | settings |
| lib2/index.ts:13:16:13:33 | settings.mySetting | semmle.label | settings.mySetting |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] | semmle.label | setting ... ting[i] |
| lib2/index.ts:13:16:13:41 | setting ... i].name | semmle.label | setting ... i].name |
| lib2/index.ts:18:62:18:65 | name | semmle.label | name |
| lib2/src/MyNode.ts:1:28:1:28 | s | semmle.label | s |
| lib2/src/MyNode.ts:2:29:2:29 | s | semmle.label | s |
| lib/src/MyNode.ts:1:28:1:28 | s | semmle.label | s |
| lib/src/MyNode.ts:2:29:2:29 | s | semmle.label | s |
| main.js:1:55:1:55 | s | semmle.label | s |
| main.js:2:29:2:29 | s | semmle.label | s |
| main.js:6:49:6:49 | s | semmle.label | s |
| main.js:7:49:7:49 | s | semmle.label | s |
| main.js:11:60:11:60 | s | semmle.label | s |
| main.js:12:49:12:49 | s | semmle.label | s |
| main.js:21:47:21:47 | s | semmle.label | s |
| main.js:22:34:22:34 | s | semmle.label | s |
| main.js:56:28:56:34 | options | semmle.label | options |
| main.js:57:11:59:5 | defaults | semmle.label | defaults |
| main.js:57:11:59:5 | defaults | semmle.label | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } |
| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } |
| main.js:60:11:60:48 | settings | semmle.label | settings |
| main.js:60:22:60:48 | $.exten ... ptions) | semmle.label | $.exten ... ptions) |
| main.js:60:31:60:38 | defaults | semmle.label | defaults |
| main.js:60:31:60:38 | defaults | semmle.label | defaults |
| main.js:60:41:60:47 | options | semmle.label | options |
| main.js:62:19:62:26 | settings | semmle.label | settings |
| main.js:62:19:62:31 | settings.name | semmle.label | settings.name |
| main.js:66:35:66:41 | attrVal | semmle.label | attrVal |
| main.js:67:63:67:69 | attrVal | semmle.label | attrVal |
| main.js:79:34:79:36 | val | semmle.label | val |
| main.js:81:35:81:37 | val | semmle.label | val |
| main.js:89:21:89:21 | x | semmle.label | x |
| main.js:90:23:90:23 | x | semmle.label | x |
| main.js:93:43:93:43 | x | semmle.label | x |
| main.js:94:31:94:31 | x | semmle.label | x |
| main.js:98:43:98:43 | x | semmle.label | x |
| main.js:99:28:99:28 | x | semmle.label | x |
| main.js:103:43:103:43 | x | semmle.label | x |
| main.js:105:26:105:26 | x | semmle.label | x |
| main.js:109:41:109:41 | x | semmle.label | x |
| main.js:111:37:111:37 | x | semmle.label | x |
| main.js:116:47:116:47 | s | semmle.label | s |
| main.js:117:34:117:34 | s | semmle.label | s |
| typed.ts:1:39:1:39 | s | semmle.label | s |
| typed.ts:2:29:2:29 | s | semmle.label | s |
| typed.ts:6:43:6:43 | s | semmle.label | s |
| typed.ts:8:40:8:40 | s | semmle.label | s |
edges
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings |
| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name |
| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name |
| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting |
| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name |
| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s |
| main.js:41:17:41:17 | s | main.js:42:21:42:21 | s |
| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step |
| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step |
| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s |
| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s |
| main.js:53:20:53:20 | s | main.js:41:17:41:17 | s |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val |
| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x |
| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x |
| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x |
| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x |
| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s |
| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s |
| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s |
| typed.ts:12:12:12:12 | s | typed.ts:16:15:16:21 | id("x") |
| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s |
| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s |
| typed.ts:16:15:16:21 | id("x") | typed.ts:16:11:16:21 | s |
| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | provenance | |
| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | provenance | |
| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | provenance | Config |
| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | provenance | |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | provenance | |
| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | provenance | |
| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | provenance | |
| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | provenance | Config |
| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | provenance | Config |
| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | provenance | Config |
| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | provenance | |
| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | provenance | |
| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | provenance | |
| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | provenance | |
| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | provenance | |
| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | provenance | |
| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | provenance | |
| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | provenance | |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | |
| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | |
| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | |
| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | provenance | |
| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | provenance | |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | |
| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | |
| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | Config |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | |
| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config |
| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | provenance | Config |
| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | provenance | |
| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | provenance | |
| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | provenance | |
| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | provenance | |
| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | provenance | |
| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | provenance | |
| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | provenance | |
| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | provenance | |
| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | provenance | |
subpaths
#select
| jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | cross-site scripting |
| jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | cross-site scripting |
@@ -295,7 +119,6 @@ edges
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
| main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
| main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting |
| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | This HTML construction which depends on $@ might later allow $@. | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | "<span> ... /span>" | cross-site scripting |
| main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | This HTML construction which depends on $@ might later allow $@. | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "<b>" + ... "</b>" | cross-site scripting |
| main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | This HTML construction which depends on $@ might later allow $@. | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "<img a ... "\\"/>" | cross-site scripting |
| main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | This HTML construction which depends on $@ might later allow $@. | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | "<span> ... /span>" | cross-site scripting |
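Review bot: The second hunk (`-295,7 +119,6`) prints seven rows for six on the new side, so one `#select` result is dropped, and it looks like the `main.js:47:65:47:73 | this.step` alert sourced from `main.js:52:41:52:41 | s`. The +/- markers are lost on this page, so this is inferred from the counts and from the first hunk, where the `semmle.label` node rows and the `provenance` edge rows have no entry for main.js lines 41, 42, 47, 52 or 53. If the flow through `this.step` is no longer tracked, that is a lost cross-site scripting result in the test for this query rather than a change of output format. The commit description should say whether the loss is intended, and the case in `main.js` should be marked as a known missing result so that the gap stays visible in the test.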


@@ -1,3 +1,3 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery as UnsafeJqueryPlugin


@@ -1,261 +1,164 @@
nodes
| unsafe-jquery-plugin.js:2:38:2:44 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options |
| unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:5:5:5:11 | options |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
| unsafe-jquery-plugin.js:7:17:7:23 | options |
| unsafe-jquery-plugin.js:7:17:7:30 | options.target |
| unsafe-jquery-plugin.js:11:7:11:29 | target |
| unsafe-jquery-plugin.js:11:16:11:22 | options |
| unsafe-jquery-plugin.js:11:16:11:29 | options.target |
| unsafe-jquery-plugin.js:22:6:22:11 | target |
| unsafe-jquery-plugin.js:22:6:22:11 | target |
| unsafe-jquery-plugin.js:30:6:30:11 | target |
| unsafe-jquery-plugin.js:30:6:30:11 | target |
| unsafe-jquery-plugin.js:36:6:36:11 | target |
| unsafe-jquery-plugin.js:36:6:36:11 | target |
| unsafe-jquery-plugin.js:40:6:40:11 | target |
| unsafe-jquery-plugin.js:40:6:40:11 | target |
| unsafe-jquery-plugin.js:48:6:48:11 | target |
| unsafe-jquery-plugin.js:48:6:48:11 | target |
| unsafe-jquery-plugin.js:52:6:52:11 | target |
| unsafe-jquery-plugin.js:52:6:52:11 | target |
| unsafe-jquery-plugin.js:60:6:60:11 | target |
| unsafe-jquery-plugin.js:60:6:60:11 | target |
| unsafe-jquery-plugin.js:65:47:65:53 | options |
| unsafe-jquery-plugin.js:65:47:65:53 | options |
| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:67:33:67:34 | {} |
| unsafe-jquery-plugin.js:67:37:67:43 | options |
| unsafe-jquery-plugin.js:68:7:68:18 | this.options |
| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent |
| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
| unsafe-jquery-plugin.js:71:38:71:44 | options |
| unsafe-jquery-plugin.js:71:38:71:44 | options |
| unsafe-jquery-plugin.js:72:5:72:11 | options |
| unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:76:38:76:44 | options |
| unsafe-jquery-plugin.js:76:38:76:44 | options |
| unsafe-jquery-plugin.js:77:17:77:23 | options |
| unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:84:38:84:44 | options |
| unsafe-jquery-plugin.js:84:38:84:44 | options |
| unsafe-jquery-plugin.js:85:14:85:14 | o |
| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
| unsafe-jquery-plugin.js:86:22:86:23 | {} |
| unsafe-jquery-plugin.js:86:26:86:26 | o |
| unsafe-jquery-plugin.js:87:8:87:24 | t |
| unsafe-jquery-plugin.js:87:12:87:17 | this.o |
| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
| unsafe-jquery-plugin.js:90:6:90:6 | t |
| unsafe-jquery-plugin.js:90:6:90:6 | t |
| unsafe-jquery-plugin.js:92:5:92:11 | options |
| unsafe-jquery-plugin.js:101:38:101:44 | options |
| unsafe-jquery-plugin.js:101:38:101:44 | options |
| unsafe-jquery-plugin.js:102:3:105:13 | options |
| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
| unsafe-jquery-plugin.js:105:6:105:12 | options |
| unsafe-jquery-plugin.js:107:5:107:11 | options |
| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
| unsafe-jquery-plugin.js:114:38:114:44 | options |
| unsafe-jquery-plugin.js:114:38:114:44 | options |
| unsafe-jquery-plugin.js:115:3:115:58 | options |
| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:115:22:115:23 | {} |
| unsafe-jquery-plugin.js:115:51:115:57 | options |
| unsafe-jquery-plugin.js:117:5:117:11 | options |
| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
| unsafe-jquery-plugin.js:121:40:121:46 | options |
| unsafe-jquery-plugin.js:121:40:121:46 | options |
| unsafe-jquery-plugin.js:122:5:122:11 | options |
| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
| unsafe-jquery-plugin.js:126:33:126:39 | options |
| unsafe-jquery-plugin.js:126:33:126:39 | options |
| unsafe-jquery-plugin.js:127:6:127:12 | options |
| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
| unsafe-jquery-plugin.js:131:34:131:40 | options |
| unsafe-jquery-plugin.js:131:34:131:40 | options |
| unsafe-jquery-plugin.js:132:5:132:11 | options |
| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
| unsafe-jquery-plugin.js:135:36:135:42 | options |
| unsafe-jquery-plugin.js:135:36:135:42 | options |
| unsafe-jquery-plugin.js:136:5:136:11 | options |
| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
| unsafe-jquery-plugin.js:153:38:153:44 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options |
| unsafe-jquery-plugin.js:154:16:154:22 | options |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target |
| unsafe-jquery-plugin.js:156:3:156:9 | options |
| unsafe-jquery-plugin.js:156:3:156:16 | options.target |
| unsafe-jquery-plugin.js:157:44:157:50 | options |
| unsafe-jquery-plugin.js:157:44:157:57 | options.target |
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
| unsafe-jquery-plugin.js:160:38:160:44 | options |
| unsafe-jquery-plugin.js:160:38:160:44 | options |
| unsafe-jquery-plugin.js:165:7:165:29 | target |
| unsafe-jquery-plugin.js:165:16:165:22 | options |
| unsafe-jquery-plugin.js:165:16:165:29 | options.target |
| unsafe-jquery-plugin.js:170:6:170:11 | target |
| unsafe-jquery-plugin.js:170:6:170:11 | target |
| unsafe-jquery-plugin.js:178:27:178:33 | options |
| unsafe-jquery-plugin.js:178:27:178:33 | options |
| unsafe-jquery-plugin.js:179:5:179:11 | options |
| unsafe-jquery-plugin.js:179:5:179:18 | options.target |
| unsafe-jquery-plugin.js:179:5:179:18 | options.target |
| unsafe-jquery-plugin.js:185:28:185:34 | options |
| unsafe-jquery-plugin.js:185:28:185:34 | options |
| unsafe-jquery-plugin.js:186:21:186:27 | options |
| unsafe-jquery-plugin.js:186:21:186:30 | options.of |
| unsafe-jquery-plugin.js:192:19:192:28 | options.of |
| unsafe-jquery-plugin.js:192:19:192:28 | options.of |
edges
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target |
| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target |
| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target |
| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target |
| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options |
| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options |
| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:68:7:68:18 | this.options |
| unsafe-jquery-plugin.js:67:33:67:34 | {} | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:33:67:34 | {} |
| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent |
| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o |
| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o |
| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} |
| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t |
| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o |
| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options |
| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options |
| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options |
| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options |
| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} |
| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target |
| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options |
| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options |
| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target |
| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target |
| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:16:165:29 | options.target |
| unsafe-jquery-plugin.js:165:16:165:29 | options.target | unsafe-jquery-plugin.js:165:7:165:29 | target |
| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options |
| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options |
| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target |
| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target |
| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options |
| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options |
| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of |
| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | provenance | |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | provenance | |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | provenance | |
| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | provenance | |
| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config |
| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | provenance | |
| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | provenance | |
| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | |
| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | provenance | |
| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | provenance | |
| unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | unsafe-jquery-plugin.js:68:7:68:10 | this [options] | provenance | |
| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | provenance | |
| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | provenance | |
| unsafe-jquery-plugin.js:68:7:68:10 | this [options] | unsafe-jquery-plugin.js:68:7:68:18 | this.options | provenance | |
| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | provenance | |
| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | provenance | Config |
| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | provenance | |
| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | provenance | |
| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | provenance | |
| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | provenance | |
| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | provenance | |
| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o | provenance | |
| unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | unsafe-jquery-plugin.js:87:12:87:15 | this [o] | provenance | |
| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | provenance | |
| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | provenance | |
| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | provenance | |
| unsafe-jquery-plugin.js:87:12:87:15 | this [o] | unsafe-jquery-plugin.js:87:12:87:17 | this.o | provenance | |
| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:8:87:24 | t | provenance | |
| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o | provenance | |
| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | provenance | |
| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | provenance | |
| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | provenance | |
| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | provenance | |
| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | provenance | |
| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | provenance | |
| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | provenance | |
| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | provenance | |
| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | provenance | |
| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | provenance | |
| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | provenance | |
| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | provenance | |
| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | provenance | |
| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | provenance | |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | provenance | |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | provenance | |
| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | provenance | |
| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | provenance | |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | Config |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config |
| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | |
| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config |
| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | |
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | provenance | |
| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | provenance | |
| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | provenance | |
| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | provenance | |
| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | provenance | |
| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | provenance | |
| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | provenance | |
| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | provenance | |
| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | provenance | Config |
nodes
| unsafe-jquery-plugin.js:2:38:2:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:3:5:3:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:5:5:5:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:7:17:7:23 | options | semmle.label | options |
| unsafe-jquery-plugin.js:7:17:7:30 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:11:7:11:29 | target | semmle.label | target |
| unsafe-jquery-plugin.js:11:16:11:22 | options | semmle.label | options |
| unsafe-jquery-plugin.js:11:16:11:29 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:22:6:22:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:30:6:30:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:36:6:36:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:40:6:40:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:48:6:48:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:52:6:52:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:60:6:60:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:65:47:65:53 | options | semmle.label | options |
| unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | semmle.label | [post update] this [options] |
| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | semmle.label | $.exten ... ptions) |
| unsafe-jquery-plugin.js:67:37:67:43 | options | semmle.label | options |
| unsafe-jquery-plugin.js:68:7:68:10 | this [options] | semmle.label | this [options] |
| unsafe-jquery-plugin.js:68:7:68:18 | this.options | semmle.label | this.options |
| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | semmle.label | this.options.parent |
| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | semmle.label | this.options.parent |
| unsafe-jquery-plugin.js:71:38:71:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:72:5:72:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | semmle.label | options.foo.bar.baz |
| unsafe-jquery-plugin.js:76:38:76:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:77:17:77:23 | options | semmle.label | options |
| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | semmle.label | options.foo.bar.baz |
| unsafe-jquery-plugin.js:84:38:84:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:85:14:85:14 | o | semmle.label | o |
| unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | semmle.label | [post update] this [o] |
| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | semmle.label | $.extend({}, o) |
| unsafe-jquery-plugin.js:86:26:86:26 | o | semmle.label | o |
| unsafe-jquery-plugin.js:87:8:87:24 | t | semmle.label | t |
| unsafe-jquery-plugin.js:87:12:87:15 | this [o] | semmle.label | this [o] |
| unsafe-jquery-plugin.js:87:12:87:17 | this.o | semmle.label | this.o |
| unsafe-jquery-plugin.js:90:6:90:6 | t | semmle.label | t |
| unsafe-jquery-plugin.js:92:5:92:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:101:38:101:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:102:3:105:13 | options | semmle.label | options |
| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | semmle.label | $.exten ... ptions) |
| unsafe-jquery-plugin.js:105:6:105:12 | options | semmle.label | options |
| unsafe-jquery-plugin.js:107:5:107:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:107:5:107:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:114:38:114:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:115:3:115:58 | options | semmle.label | options |
| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | semmle.label | $.exten ... ptions) |
| unsafe-jquery-plugin.js:115:51:115:57 | options | semmle.label | options |
| unsafe-jquery-plugin.js:117:5:117:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:117:5:117:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:121:40:121:46 | options | semmle.label | options |
| unsafe-jquery-plugin.js:122:5:122:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:122:5:122:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:126:33:126:39 | options | semmle.label | options |
| unsafe-jquery-plugin.js:127:6:127:12 | options | semmle.label | options |
| unsafe-jquery-plugin.js:127:6:127:19 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:131:34:131:40 | options | semmle.label | options |
| unsafe-jquery-plugin.js:132:5:132:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:132:5:132:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:135:36:135:42 | options | semmle.label | options |
| unsafe-jquery-plugin.js:136:5:136:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | semmle.label | options ... elector |
| unsafe-jquery-plugin.js:153:38:153:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:154:16:154:22 | options | semmle.label | options |
| unsafe-jquery-plugin.js:154:16:154:29 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:156:3:156:9 | options | semmle.label | options |
| unsafe-jquery-plugin.js:156:3:156:16 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:157:44:157:50 | options | semmle.label | options |
| unsafe-jquery-plugin.js:157:44:157:57 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | semmle.label | options.target.a |
| unsafe-jquery-plugin.js:160:38:160:44 | options | semmle.label | options |
| unsafe-jquery-plugin.js:165:7:165:29 | target | semmle.label | target |
| unsafe-jquery-plugin.js:165:16:165:22 | options | semmle.label | options |
| unsafe-jquery-plugin.js:170:6:170:11 | target | semmle.label | target |
| unsafe-jquery-plugin.js:178:27:178:33 | options | semmle.label | options |
| unsafe-jquery-plugin.js:179:5:179:11 | options | semmle.label | options |
| unsafe-jquery-plugin.js:179:5:179:18 | options.target | semmle.label | options.target |
| unsafe-jquery-plugin.js:185:28:185:34 | options | semmle.label | options |
| unsafe-jquery-plugin.js:186:21:186:27 | options | semmle.label | options |
| unsafe-jquery-plugin.js:186:21:186:30 | options.of | semmle.label | options.of |
| unsafe-jquery-plugin.js:192:19:192:28 | options.of | semmle.label | options.of |
subpaths
#select
| unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |


@@ -1,3 +1,14 @@
import javascript
import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.XssThroughDomQuery as ThroughDomXss
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.XssThroughDomQuery
deprecated class ConsistencyConfig extends ConsistencyConfiguration {
ConsistencyConfig() { this = "ConsistencyConfig" }
override DataFlow::Node getAnAlert() {
exists(DataFlow::Node source |
XssThroughDomFlow::flow(source, result) and
not isIgnoredSourceSinkPair(source, result)
)
}
}
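Review bot: The deprecated `ConsistencyConfig` class has no QLDoc saying why it is deprecated or what replaces it, and `getAnAlert` drops every pair matched by `isIgnoredSourceSinkPair` without stating the reason. That predicate is not defined in this hunk and presumably comes from `XssThroughDomQuery`. If it matches more than intended, this consistency check would stop expecting alerts for real DOM-to-XSS flows without any visible failure. I would add a comment above the class such as `/** Legacy consistency check: reports XssThroughDomFlow results, minus the pairs the query itself ignores via isIgnoredSourceSinkPair. */`, and confirm the filter is the same one the shipped query applies. The page's rendering has lost the `+`/`-` markers and blank lines, so which of the duplicated `import` lines survive on the new side should be checked against the raw diff.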


@@ -1,278 +1,141 @@
nodes
| forms.js:8:23:8:28 | values |
| forms.js:8:23:8:28 | values |
| forms.js:9:31:9:36 | values |
| forms.js:9:31:9:40 | values.foo |
| forms.js:9:31:9:40 | values.foo |
| forms.js:11:24:11:29 | values |
| forms.js:11:24:11:29 | values |
| forms.js:12:31:12:36 | values |
| forms.js:12:31:12:40 | values.bar |
| forms.js:12:31:12:40 | values.bar |
| forms.js:24:15:24:20 | values |
| forms.js:24:15:24:20 | values |
| forms.js:25:23:25:28 | values |
| forms.js:25:23:25:34 | values.email |
| forms.js:25:23:25:34 | values.email |
| forms.js:28:20:28:25 | values |
| forms.js:28:20:28:25 | values |
| forms.js:29:23:29:28 | values |
| forms.js:29:23:29:34 | values.email |
| forms.js:29:23:29:34 | values.email |
| forms.js:34:11:34:53 | values |
| forms.js:34:13:34:18 | values |
| forms.js:34:13:34:18 | values |
| forms.js:35:19:35:24 | values |
| forms.js:35:19:35:30 | values.email |
| forms.js:35:19:35:30 | values.email |
| forms.js:44:21:44:26 | values |
| forms.js:44:21:44:26 | values |
| forms.js:45:21:45:26 | values |
| forms.js:45:21:45:33 | values.stooge |
| forms.js:45:21:45:33 | values.stooge |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:71:21:71:24 | data |
| forms.js:71:21:71:24 | data |
| forms.js:72:19:72:22 | data |
| forms.js:72:19:72:27 | data.name |
| forms.js:72:19:72:27 | data.name |
| forms.js:92:17:92:36 | values |
| forms.js:92:26:92:36 | getValues() |
| forms.js:92:26:92:36 | getValues() |
| forms.js:93:25:93:30 | values |
| forms.js:93:25:93:35 | values.name |
| forms.js:93:25:93:35 | values.name |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
| xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() |
| xss-through-dom.js:84:15:84:30 | $("text").text() |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:33:86:36 | text |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:36:87:39 | text |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src |
| xss-through-dom.js:109:45:109:55 | this.el.src |
| xss-through-dom.js:114:11:114:52 | src |
| xss-through-dom.js:114:17:114:52 | documen ... k").src |
| xss-through-dom.js:114:17:114:52 | documen ... k").src |
| xss-through-dom.js:115:16:115:18 | src |
| xss-through-dom.js:115:16:115:18 | src |
| xss-through-dom.js:117:26:117:28 | src |
| xss-through-dom.js:117:26:117:28 | src |
| xss-through-dom.js:120:23:120:37 | ev.target.files |
| xss-through-dom.js:120:23:120:37 | ev.target.files |
| xss-through-dom.js:120:23:120:40 | ev.target.files[0] |
| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name |
| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name |
| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
| xss-through-dom.js:122:53:122:67 | ev.target.files |
| xss-through-dom.js:122:53:122:67 | ev.target.files |
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
| xss-through-dom.js:130:6:130:68 | linkText |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
| xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
| xss-through-dom.js:131:19:131:26 | linkText |
| xss-through-dom.js:131:19:131:26 | linkText |
| xss-through-dom.js:132:16:132:23 | linkText |
| xss-through-dom.js:132:16:132:23 | linkText |
| xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src |
| xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:154:25:154:27 | msg |
| xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() |
edges
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo |
| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo |
| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values |
| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values |
| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar |
| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar |
| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values |
| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values |
| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email |
| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email |
| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values |
| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values |
| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email |
| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email |
| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values |
| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values |
| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values |
| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email |
| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email |
| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values |
| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values |
| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge |
| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge |
| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value |
| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data |
| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data |
| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name |
| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name |
| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values |
| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values |
| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values |
| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name |
| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name |
| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src |
| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src |
| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src |
| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] |
| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] |
| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name |
| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name |
| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' |
| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | xss-through-dom.js:130:6:130:68 | linkText |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
| angular.ts:12:5:12:23 | field: string = ""; | angular.ts:33:24:33:33 | this.field | provenance | |
| angular.ts:29:24:29:33 | form.value | angular.ts:29:24:29:37 | form.value.foo | provenance | |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | provenance | |
| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | provenance | |
| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | provenance | |
| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | provenance | |
| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | provenance | |
| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | provenance | |
| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | provenance | |
| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | provenance | |
| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | provenance | |
| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | provenance | |
| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | provenance | |
| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | provenance | |
| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | provenance | |
| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | provenance | |
| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | provenance | |
| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | provenance | |
| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | provenance | |
| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | provenance | |
| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | provenance | |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | provenance | |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | provenance | |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | provenance | |
| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | provenance | |
| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | provenance | |
| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | provenance | |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | provenance | |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | provenance | |
| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | provenance | |
| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | provenance | |
| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | provenance | |
| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | provenance | |
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | provenance | Config |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | provenance | |
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | provenance | |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | provenance | |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | provenance | |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | provenance | |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | provenance | |
| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | provenance | |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | provenance | |
nodes
| angular.ts:12:5:12:23 | field: string = ""; | semmle.label | field: string = ""; |
| angular.ts:16:24:16:41 | event.target.value | semmle.label | event.target.value |
| angular.ts:20:24:20:35 | target.value | semmle.label | target.value |
| angular.ts:29:24:29:33 | form.value | semmle.label | form.value |
| angular.ts:29:24:29:37 | form.value.foo | semmle.label | form.value.foo |
| angular.ts:33:24:33:33 | this.field | semmle.label | this.field |
| forms.js:8:23:8:28 | values | semmle.label | values |
| forms.js:9:31:9:36 | values | semmle.label | values |
| forms.js:9:31:9:40 | values.foo | semmle.label | values.foo |
| forms.js:11:24:11:29 | values | semmle.label | values |
| forms.js:12:31:12:36 | values | semmle.label | values |
| forms.js:12:31:12:40 | values.bar | semmle.label | values.bar |
| forms.js:24:15:24:20 | values | semmle.label | values |
| forms.js:25:23:25:28 | values | semmle.label | values |
| forms.js:25:23:25:34 | values.email | semmle.label | values.email |
| forms.js:28:20:28:25 | values | semmle.label | values |
| forms.js:29:23:29:28 | values | semmle.label | values |
| forms.js:29:23:29:34 | values.email | semmle.label | values.email |
| forms.js:34:11:34:53 | values | semmle.label | values |
| forms.js:34:13:34:18 | values | semmle.label | values |
| forms.js:35:19:35:24 | values | semmle.label | values |
| forms.js:35:19:35:30 | values.email | semmle.label | values.email |
| forms.js:44:21:44:26 | values | semmle.label | values |
| forms.js:45:21:45:26 | values | semmle.label | values |
| forms.js:45:21:45:33 | values.stooge | semmle.label | values.stooge |
| forms.js:57:19:57:32 | e.target.value | semmle.label | e.target.value |
| forms.js:71:21:71:24 | data | semmle.label | data |
| forms.js:72:19:72:22 | data | semmle.label | data |
| forms.js:72:19:72:27 | data.name | semmle.label | data.name |
| forms.js:92:17:92:36 | values | semmle.label | values |
| forms.js:92:26:92:36 | getValues() | semmle.label | getValues() |
| forms.js:93:25:93:30 | values | semmle.label | values |
| forms.js:93:25:93:35 | values.name | semmle.label | values.name |
| forms.js:103:23:103:36 | e.target.value | semmle.label | e.target.value |
| forms.js:107:23:107:36 | e.target.value | semmle.label | e.target.value |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() | semmle.label | $("textarea").val() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | semmle.label | $(".som ... .text() |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | semmle.label | $(".som ... arget") |
| xss-through-dom.js:11:3:11:42 | documen ... nerText | semmle.label | documen ... nerText |
| xss-through-dom.js:19:3:19:44 | documen ... Content | semmle.label | documen ... Content |
| xss-through-dom.js:23:3:23:48 | documen ... ].value | semmle.label | documen ... ].value |
| xss-through-dom.js:27:3:27:61 | documen ... arget') | semmle.label | documen ... arget') |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() | semmle.label | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() | semmle.label | $("textarea").val() |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | semmle.label | $("inpu ... "name") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") | semmle.label | $(docum ... value") |
| xss-through-dom.js:64:30:64:40 | valMethod() | semmle.label | valMethod() |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name |
| xss-through-dom.js:73:9:73:41 | selector | semmle.label | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name |
| xss-through-dom.js:77:4:77:11 | selector | semmle.label | selector |
| xss-through-dom.js:79:4:79:34 | documen ... t.value | semmle.label | documen ... t.value |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | semmle.label | $('#foo ... rText') |
| xss-through-dom.js:84:8:84:30 | text | semmle.label | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() | semmle.label | $("text").text() |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | semmle.label | anser.a ... l(text) |
| xss-through-dom.js:86:33:86:36 | text | semmle.label | text |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | semmle.label | new ans ... s(text) |
| xss-through-dom.js:87:36:87:39 | text | semmle.label | text |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | semmle.label | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | semmle.label | $("#foo ... ].value |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | semmle.label | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | semmle.label | this.el.src |
| xss-through-dom.js:114:11:114:52 | src | semmle.label | src |
| xss-through-dom.js:114:17:114:52 | documen ... k").src | semmle.label | documen ... k").src |
| xss-through-dom.js:115:16:115:18 | src | semmle.label | src |
| xss-through-dom.js:117:26:117:28 | src | semmle.label | src |
| xss-through-dom.js:120:23:120:37 | ev.target.files | semmle.label | ev.target.files |
| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | semmle.label | ev.targ ... 0].name |
| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | semmle.label | URL.cre ... les[0]) |
| xss-through-dom.js:122:53:122:67 | ev.target.files | semmle.label | ev.target.files |
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | semmle.label | ev.target.files[0] |
| xss-through-dom.js:130:6:130:68 | linkText | semmle.label | linkText |
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | semmle.label | wSelect ... tring() |
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | semmle.label | dSelect ... tring() |
| xss-through-dom.js:131:19:131:26 | linkText | semmle.label | linkText |
| xss-through-dom.js:132:16:132:23 | linkText | semmle.label | linkText |
| xss-through-dom.js:139:11:139:52 | src | semmle.label | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | semmle.label | documen ... k").src |
| xss-through-dom.js:140:19:140:21 | src | semmle.label | src |
| xss-through-dom.js:141:25:141:27 | src | semmle.label | src |
| xss-through-dom.js:150:24:150:26 | src | semmle.label | src |
| xss-through-dom.js:154:25:154:27 | msg | semmle.label | msg |
| xss-through-dom.js:155:27:155:29 | msg | semmle.label | msg |
| xss-through-dom.js:159:34:159:52 | $("textarea").val() | semmle.label | $("textarea").val() |
subpaths
#select
| angular.ts:16:24:16:41 | event.target.value | angular.ts:16:24:16:41 | event.target.value | angular.ts:16:24:16:41 | event.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:16:24:16:41 | event.target.value | DOM text |
| angular.ts:20:24:20:35 | target.value | angular.ts:20:24:20:35 | target.value | angular.ts:20:24:20:35 | target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:20:24:20:35 | target.value | DOM text |
| angular.ts:29:24:29:37 | form.value.foo | angular.ts:29:24:29:33 | form.value | angular.ts:29:24:29:37 | form.value.foo | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:29:24:29:33 | form.value | DOM text |
| angular.ts:33:24:33:33 | this.field | angular.ts:12:5:12:23 | field: string = ""; | angular.ts:33:24:33:33 | this.field | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:12:5:12:23 | field: string = ""; | DOM text |
| forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
| forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
| forms.js:25:23:25:34 | values.email | forms.js:24:15:24:20 | values | forms.js:25:23:25:34 | values.email | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:24:15:24:20 | values | DOM text |


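--- a/angular.ts
+++ b/angular.ts
@@ -0,0 +1,36 @@
+import { Component } from "@angular/core";
+import { NgForm } from "@angular/forms";
+@Component({
+template: `
+<input type="text" (input)="setInput1($event)"></input>
+<input type="text" (input)="setInput2($event.target)"></input>
+<input type="text" [(ngModel)]="field"></input>
+`
+})
+export class Foo {
+field: string = "";
+safeField: string = "";
+setInput1(event) {
+document.write(event.target.value); // NOT OK
+}
+setInput2(target) {
+document.write(target.value); // NOT OK
+}
+setOtherInput(e) {
+document.write(e.target.value); // OK
+document.write(e.value); // OK
+}
+blah(form: NgForm) {
+document.write(form.value.foo); // NOT OK
+}
+useField() {
+document.write(this.field); // NOT OK
+document.write(this.safeField); // OK
+}
+}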
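Review bot: The `// OK` lines in `setOtherInput` and `useField` do not say why the analysis should stay silent, which makes the negative half of this test hard to maintain. From the template, `setOtherInput` is never bound to an `(input)` event and `safeField` has no `ngModel` binding, and that appears to be the only thing separating them from the flagged cases. I would state it on the lines themselves, e.g. `document.write(e.target.value); // OK - setOtherInput is not bound in the template` and `document.write(this.safeField); // OK - safeField has no ngModel binding`. The file also has no case where a bound value is escaped before reaching `document.write`, so sanitizer handling for these Angular sources is not pinned here; it may be covered by another test.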


@@ -1,17 +1,12 @@
nodes
| test.js:4:5:4:29 | temp |
| test.js:4:12:4:22 | process.env |
| test.js:4:12:4:22 | process.env |
| test.js:4:12:4:29 | process.env['foo'] |
| test.js:7:14:7:61 | 'SELECT ... + temp |
| test.js:7:14:7:61 | 'SELECT ... + temp |
| test.js:7:58:7:61 | temp |
| test.js:4:5:4:29 | temp | semmle.label | temp |
| test.js:4:12:4:22 | process.env | semmle.label | process.env |
| test.js:7:14:7:61 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp |
| test.js:7:58:7:61 | temp | semmle.label | temp |
edges
| test.js:4:5:4:29 | temp | test.js:7:58:7:61 | temp |
| test.js:4:12:4:22 | process.env | test.js:4:12:4:29 | process.env['foo'] |
| test.js:4:12:4:22 | process.env | test.js:4:12:4:29 | process.env['foo'] |
| test.js:4:12:4:29 | process.env['foo'] | test.js:4:5:4:29 | temp |
| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp |
| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp |
| test.js:4:5:4:29 | temp | test.js:7:58:7:61 | temp | provenance | |
| test.js:4:12:4:22 | process.env | test.js:4:5:4:29 | temp | provenance | |
| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp | provenance | |
subpaths
#select
| test.js:7:14:7:61 | 'SELECT ... + temp | test.js:4:12:4:22 | process.env | test.js:7:14:7:61 | 'SELECT ... + temp | This query string depends on a $@. | test.js:4:12:4:22 | process.env | user-provided value |


@@ -1,41 +1,32 @@
nodes
| typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:29 | req.body |
| typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v |
| typedClient.ts:21:7:21:32 | v |
| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
| typedClient.ts:21:22:21:29 | req.body |
| typedClient.ts:21:22:21:29 | req.body |
| typedClient.ts:21:22:21:31 | req.body.x |
| typedClient.ts:22:27:22:35 | { id: v } |
| typedClient.ts:22:27:22:35 | { id: v } |
| typedClient.ts:22:33:22:33 | v |
| typedClient.ts:23:27:23:35 | { id: v } |
| typedClient.ts:23:27:23:35 | { id: v } |
| typedClient.ts:23:33:23:33 | v |
| typedClient.ts:13:7:13:32 | v | semmle.label | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) |
| typedClient.ts:13:22:13:29 | req.body | semmle.label | req.body |
| typedClient.ts:13:22:13:31 | req.body.x | semmle.label | req.body.x |
| typedClient.ts:14:24:14:32 | { id: v } | semmle.label | { id: v } |
| typedClient.ts:14:30:14:30 | v | semmle.label | v |
| typedClient.ts:21:7:21:32 | v | semmle.label | v |
| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) |
| typedClient.ts:21:22:21:29 | req.body | semmle.label | req.body |
| typedClient.ts:21:22:21:31 | req.body.x | semmle.label | req.body.x |
| typedClient.ts:22:27:22:35 | { id: v } | semmle.label | { id: v } |
| typedClient.ts:22:33:22:33 | v | semmle.label | v |
| typedClient.ts:23:27:23:35 | { id: v } | semmle.label | { id: v } |
| typedClient.ts:23:33:23:33 | v | semmle.label | v |
edges
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x |
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } |
| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v |
| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v |
| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v |
| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x |
| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) |
| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } |
| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } |
| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | provenance | |
| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | provenance | |
| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | provenance | Config |
| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | provenance | Config |
| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | provenance | Config |
| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | provenance | |
| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | provenance | |
| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | provenance | |
| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | provenance | Config |
| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | provenance | Config |
| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | provenance | Config |
| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | provenance | Config |
subpaths
#select
| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value |
| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value |


@@ -1,4 +1,4 @@
import javascript
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection
import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection
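Review bot: The `deprecated import utils.test.ConsistencyChecking` line gives no hint of what this test should move to. The annotation is presumably there because the module is now deprecated and a plain import would warn. A one-line comment above it, such as `// TODO: migrate off ConsistencyChecking and drop this deprecated import`, would keep the dependency from lingering unnoticed in the SQL/NoSQL injection test.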


@@ -1,335 +1,133 @@
nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:27:34:27:38 | taint |
| express.js:27:34:27:38 | taint |
| express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:43:15:43:19 | taint |
| express.js:43:15:43:19 | taint |
| express.js:49:30:49:32 | msg |
| express.js:49:30:49:32 | msg |
| express.js:50:10:50:12 | msg |
| express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:31:18:31:23 | source |
| tst.js:31:18:31:23 | source |
| tst.js:33:14:33:19 | source |
| tst.js:33:14:33:19 | source |
| tst.js:35:28:35:33 | source |
| tst.js:35:28:35:33 | source |
| tst.js:37:33:37:38 | source |
| tst.js:37:33:37:38 | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
edges
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | |
nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body |
| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message |
| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search |
| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search |
| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search |
| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search |
| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search |
| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search |
| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search |
| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search |
| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search |
| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search |
| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search |
| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search |
| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search |
| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search |
| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
| express.js:26:9:26:35 | taint | semmle.label | taint |
| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:27:34:27:38 | taint | semmle.label | taint |
| express.js:34:9:34:35 | taint | semmle.label | taint |
| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:43:15:43:19 | taint | semmle.label | taint |
| express.js:49:30:49:32 | msg | semmle.label | msg |
| express.js:50:10:50:12 | msg | semmle.label | msg |
| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code |
| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
| react-native.js:8:32:8:38 | tainted | semmle.label | tainted |
| react-native.js:10:23:10:29 | tainted | semmle.label | tainted |
| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted |
| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted |
| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted |
| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted |
| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted |
| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted |
| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted |
| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted |
| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted |
| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted |
| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted |
| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted |
| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted |
| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted |
| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst.js:26:26:26:40 | location.search | semmle.label | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
| tst.js:29:9:29:82 | source | semmle.label | source |
| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search |
| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:31:18:31:23 | source | semmle.label | source |
| tst.js:33:14:33:19 | source | semmle.label | source |
| tst.js:35:28:35:33 | source | semmle.label | source |
| tst.js:37:33:37:38 | source | semmle.label | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash |
subpaths
#select
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value |


@@ -1,342 +1,135 @@
nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:31 | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:43 | req.body |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:43 | req.body |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| angularjs.js:53:32:53:46 | location.search |
| eslint-escope-build.js:20:22:20:22 | c |
| eslint-escope-build.js:20:22:20:22 | c |
| eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:21:16:21:16 | c |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:7:44:7:62 | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:9:54:9:72 | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:12:28:12:46 | req.param("wobble") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:26:17:26:35 | req.param("wobble") |
| express.js:27:34:27:38 | taint |
| express.js:27:34:27:38 | taint |
| express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:34:17:34:35 | req.param("wobble") |
| express.js:43:15:43:19 | taint |
| express.js:43:15:43:19 | taint |
| express.js:49:30:49:32 | msg |
| express.js:49:30:49:32 | msg |
| express.js:50:10:50:12 | msg |
| express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:8:32:8:38 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react-native.js:10:23:10:29 | tainted |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:18:19:18:31 | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:33:17:33:23 | tainted |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:27 | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:33 | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:40 | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:41 | documen ... .search |
| tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:31:18:31:23 | source |
| tst.js:31:18:31:23 | source |
| tst.js:33:14:33:19 | source |
| tst.js:33:14:33:19 | source |
| tst.js:35:28:35:33 | source |
| tst.js:35:28:35:33 | source |
| tst.js:37:33:37:38 | source |
| tst.js:37:33:37:38 | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash |
edges
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name |
| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message |
| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search |
| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search |
| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search |
| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search |
| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search |
| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search |
| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search |
| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search |
| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search |
| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search |
| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search |
| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search |
| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search |
| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" |
| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash |
| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | |
| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | provenance | |
| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | |
| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | |
| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | |
| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | |
| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | |
| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | |
| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | |
| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | |
| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | |
| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | |
| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | |
| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | |
| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | |
| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | |
| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | |
| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | |
| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | |
| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | |
| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | |
nodes
| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query |
| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body |
| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name |
| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body |
| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message |
| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search |
| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search |
| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search |
| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search |
| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search |
| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search |
| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search |
| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search |
| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search |
| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search |
| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search |
| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search |
| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search |
| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search |
| eslint-escope-build.js:20:22:20:22 | c | semmle.label | c |
| eslint-escope-build.js:21:16:21:16 | c | semmle.label | c |
| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" |
| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") |
| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") |
| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") |
| express.js:26:9:26:35 | taint | semmle.label | taint |
| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:27:34:27:38 | taint | semmle.label | taint |
| express.js:34:9:34:35 | taint | semmle.label | taint |
| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| express.js:43:15:43:19 | taint | semmle.label | taint |
| express.js:49:30:49:32 | msg | semmle.label | msg |
| express.js:50:10:50:12 | msg | semmle.label | msg |
| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code |
| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
| react-native.js:8:32:8:38 | tainted | semmle.label | tainted |
| react-native.js:10:23:10:29 | tainted | semmle.label | tainted |
| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... on.hash |
| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted |
| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo |
| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted |
| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted |
| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted |
| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted |
| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted |
| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted |
| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted |
| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted |
| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted |
| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted |
| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted |
| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted |
| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted |
| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted |
| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search |
| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) |
| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst.js:26:26:26:40 | location.search | semmle.label | location.search |
| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
| tst.js:29:9:29:82 | source | semmle.label | source |
| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search |
| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") |
| tst.js:31:18:31:23 | source | semmle.label | source |
| tst.js:33:14:33:19 | source | semmle.label | source |
| tst.js:35:28:35:33 | source | semmle.label | source |
| tst.js:37:33:37:38 | source | semmle.label | source |
| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash |
| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash |
subpaths
#select
| eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value |


@@ -1,9 +1,9 @@
import javascript
import semmle.javascript.heuristics.AdditionalSources
import semmle.javascript.security.dataflow.CodeInjectionQuery
import DataFlow::PathGraph
import CodeInjectionFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource
select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.",
source.getNode(), "User-provided value"
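Review bot: The query has no header comment stating its purpose, so a reader of the `from`/`where` lines has to work out that it reports only code-injection paths whose source is a `HeuristicSource`. That restriction explains why the accompanying baseline lists many `nodes` but very few `#select` rows, and it is easy to mistake for lost results. I would add `// Test query: code-injection paths restricted to sources found by the heuristic source model.` directly above the `from` clause.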


@@ -1,69 +1,37 @@
nodes
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` |
| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) |
| bad-code-sanitization.js:6:11:6:25 | statements |
| bad-code-sanitization.js:6:24:6:25 | [] |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) |
| bad-code-sanitization.js:8:27:8:36 | statements |
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') |
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) |
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
| bad-code-sanitization.js:63:11:63:55 | assignment |
| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) |
| bad-code-sanitization.js:64:27:64:36 | assignment |
| bad-code-sanitization.js:64:27:64:36 | assignment |
edges
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) |
| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` |
| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements |
| bad-code-sanitization.js:6:24:6:25 | [] | bad-code-sanitization.js:6:11:6:25 | statements |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:6:24:6:25 | [] |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` |
| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') |
| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) |
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) |
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) |
| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment |
| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment |
| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | bad-code-sanitization.js:63:11:63:55 | assignment |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` |
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | provenance | |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | provenance | |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | provenance | |
| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | |
| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | |
| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | provenance | |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | provenance | |
nodes
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | semmle.label | [post update] statements [ArrayElement] |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | semmle.label | safeProp(key) |
| bad-code-sanitization.js:8:27:8:36 | statements | semmle.label | statements |
| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | semmle.label | statements [ArrayElement] |
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | semmle.label | statements.join(';') |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | semmle.label | htmlescape(pathname) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | semmle.label | JSON.st ... (input) |
| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | semmle.label | JSON.st ... (input) |
| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | semmle.label | JSON.st ... (input) |
| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | semmle.label | JSON.st ... (input) |
| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) |
| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) |
| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | semmle.label | JSON.st ... (taint) |
| bad-code-sanitization.js:63:11:63:55 | assignment | semmle.label | assignment |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | semmle.label | JSON.stringify(key) |
| bad-code-sanitization.js:64:27:64:36 | assignment | semmle.label | assignment |
subpaths
#select
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on an $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | improperly sanitized value |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on an $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | improperly sanitized value |


@@ -1,127 +1,20 @@
nodes
| lib/index.js:1:35:1:38 | data |
| lib/index.js:1:35:1:38 | data |
| lib/index.js:2:21:2:24 | data |
| lib/index.js:2:21:2:24 | data |
| lib/index.js:5:35:5:38 | name |
| lib/index.js:5:35:5:38 | name |
| lib/index.js:6:26:6:29 | name |
| lib/index.js:6:26:6:29 | name |
| lib/index.js:13:38:13:41 | data |
| lib/index.js:13:38:13:41 | data |
| lib/index.js:14:21:14:24 | data |
| lib/index.js:14:21:14:24 | data |
| lib/index.js:19:26:19:29 | data |
| lib/index.js:19:26:19:29 | data |
| lib/index.js:22:7:22:10 | data |
| lib/index.js:22:7:22:10 | data |
| lib/index.js:41:32:41:35 | opts |
| lib/index.js:41:32:41:35 | opts |
| lib/index.js:42:3:42:19 | opts |
| lib/index.js:42:10:42:13 | opts |
| lib/index.js:42:10:42:19 | opts \|\| {} |
| lib/index.js:44:21:44:24 | opts |
| lib/index.js:44:21:44:32 | opts.varName |
| lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:86:15:86:19 | taint |
| lib/index.js:86:15:86:19 | taint |
| lib/index.js:87:18:87:22 | taint |
| lib/index.js:89:36:89:40 | taint |
| lib/index.js:93:32:93:36 | taint |
| lib/index.js:98:30:98:34 | taint |
| lib/index.js:103:21:103:47 | this.op ... dOption |
| lib/index.js:103:21:103:47 | this.op ... dOption |
| lib/index.js:104:21:104:47 | this.op ... dOption |
| lib/index.js:104:21:104:47 | this.op ... dOption |
| lib/index.js:105:21:105:47 | this.op ... dOption |
| lib/index.js:105:21:105:47 | this.op ... dOption |
| lib/index.js:106:21:106:30 | this.taint |
| lib/index.js:106:21:106:30 | this.taint |
| lib/index.js:112:17:112:21 | taint |
| lib/index.js:112:17:112:21 | taint |
| lib/index.js:113:20:113:24 | taint |
| lib/index.js:115:38:115:42 | taint |
| lib/index.js:121:34:121:38 | taint |
| lib/index.js:129:32:129:36 | taint |
| lib/index.js:135:23:135:49 | this.op ... dOption |
| lib/index.js:135:23:135:49 | this.op ... dOption |
| lib/index.js:136:23:136:49 | this.op ... dOption |
| lib/index.js:136:23:136:49 | this.op ... dOption |
| lib/index.js:137:23:137:49 | this.op ... dOption |
| lib/index.js:137:23:137:49 | this.op ... dOption |
| lib/index.js:138:23:138:32 | this.taint |
| lib/index.js:138:23:138:32 | this.taint |
edges
| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data |
| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data |
| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data |
| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data |
| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name |
| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name |
| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name |
| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name |
| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data |
| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data |
| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data |
| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data |
| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data |
| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data |
| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data |
| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data |
| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts |
| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts |
| lib/index.js:42:3:42:19 | opts | lib/index.js:44:21:44:24 | opts |
| lib/index.js:42:10:42:13 | opts | lib/index.js:42:10:42:19 | opts \|\| {} |
| lib/index.js:42:10:42:19 | opts \|\| {} | lib/index.js:42:3:42:19 | opts |
| lib/index.js:44:21:44:24 | opts | lib/index.js:44:21:44:32 | opts.varName |
| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName |
| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint |
| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint |
| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint |
| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint |
| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption |
| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption |
| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption |
| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption |
| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption |
| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption |
| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint |
| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint |
| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint |
| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint |
| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption |
| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption |
| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption |
| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption |
| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption |
| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption |
| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | provenance | |
| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | provenance | |
| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | provenance | |
| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | provenance | |
nodes
| lib/index.js:1:35:1:38 | data | semmle.label | data |
| lib/index.js:2:21:2:24 | data | semmle.label | data |
| lib/index.js:5:35:5:38 | name | semmle.label | name |
| lib/index.js:6:26:6:29 | name | semmle.label | name |
| lib/index.js:13:38:13:41 | data | semmle.label | data |
| lib/index.js:14:21:14:24 | data | semmle.label | data |
| lib/index.js:19:26:19:29 | data | semmle.label | data |
| lib/index.js:22:7:22:10 | data | semmle.label | data |
subpaths
#select
| lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:1:35:1:38 | data | library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | This string concatenation which depends on $@ is later $@. | lib/index.js:5:35:5:38 | name | library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code |
| lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:13:38:13:41 | data | library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code |
| lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:19:26:19:29 | data | library input | lib/index.js:25:24:25:26 | str | interpreted as code |
| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | This string concatenation which depends on $@ is later $@. | lib/index.js:41:32:41:35 | opts | library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code |
| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code |
| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code |
| lib/index.js:105:21:105:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code |
| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code |
| lib/index.js:135:23:135:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:135:12:135:69 | " var ... ing();" | interpreted as code |
| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code |
| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code |
| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code |
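Review bot: The updated baseline appears to keep only four of the thirteen `#select` rows. Going by the `@@ -1,127 +1,20 @@` counts and the new `nodes` list, which ends at `lib/index.js:22:7:22:10`, the alerts at `lib/index.js:51`, `103`–`106` and `135`–`138` are no longer expected. Those rows are the ones where the library input reaches the sink through a property or field read, such as `opts.varName` and `this.taint`. Accepting this output would therefore record missed detections rather than a pure output-format change. I would confirm whether the migrated flow configuration still models those steps, and if the loss is accepted for now, say so in the commit description and mark the affected test lines as known missing alerts.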


@@ -1,76 +1,60 @@
nodes
| example.js:9:37:9:38 | ev |
| example.js:9:37:9:38 | ev |
| example.js:10:9:10:37 | message |
| example.js:10:19:10:37 | JSON.parse(ev.data) |
| example.js:10:30:10:31 | ev |
| example.js:10:30:10:36 | ev.data |
| example.js:13:5:13:24 | window[message.name] |
| example.js:13:5:13:24 | window[message.name] |
| example.js:13:12:13:18 | message |
| example.js:13:12:13:23 | message.name |
| tst.js:3:37:3:38 | ev |
| tst.js:3:37:3:38 | ev |
| tst.js:4:9:4:37 | message |
| tst.js:4:19:4:37 | JSON.parse(ev.data) |
| tst.js:4:30:4:31 | ev |
| tst.js:4:30:4:36 | ev.data |
| tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:12:5:18 | message |
| tst.js:5:12:5:23 | message.name |
| tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:16:6:22 | message |
| tst.js:6:16:6:27 | message.name |
| tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:7:11:13 | message |
| tst.js:11:7:11:18 | message.name |
| tst.js:15:5:15:14 | window[ev] |
| tst.js:15:5:15:14 | window[ev] |
| tst.js:15:12:15:13 | ev |
| tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:12:21:28 | '' + message.name |
| tst.js:21:17:21:23 | message |
| tst.js:21:17:21:28 | message.name |
edges
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev |
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev |
| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message |
| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message |
| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data |
| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) |
| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name |
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] |
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] |
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev |
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev |
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev |
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev |
| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message |
| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message |
| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message |
| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message |
| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message |
| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data |
| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) |
| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name |
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] |
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] |
| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name |
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] |
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] |
| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name |
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] |
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] |
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] |
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] |
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] |
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name |
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name |
| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | |
| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | |
| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | |
| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | Config |
| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | Config |
| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | Config |
| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | Config |
| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | |
| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | |
| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | |
| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | provenance | |
| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | |
| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | |
| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | |
| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | Config |
| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | Config |
| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | Config |
| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | Config |
| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | Config |
| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | Config |
| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | Config |
| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | Config |
| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | Config |
| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | Config |
| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | Config |
| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | Config |
nodes
| example.js:9:37:9:38 | ev | semmle.label | ev |
| example.js:10:9:10:37 | message | semmle.label | message |
| example.js:10:19:10:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) |
| example.js:10:30:10:31 | ev | semmle.label | ev |
| example.js:10:30:10:36 | ev.data | semmle.label | ev.data |
| example.js:13:5:13:24 | window[message.name] | semmle.label | window[message.name] |
| example.js:13:12:13:18 | message | semmle.label | message |
| example.js:13:12:13:23 | message.name | semmle.label | message.name |
| tst.js:3:37:3:38 | ev | semmle.label | ev |
| tst.js:4:9:4:37 | message | semmle.label | message |
| tst.js:4:19:4:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) |
| tst.js:4:30:4:31 | ev | semmle.label | ev |
| tst.js:4:30:4:36 | ev.data | semmle.label | ev.data |
| tst.js:5:5:5:24 | window[message.name] | semmle.label | window[message.name] |
| tst.js:5:12:5:18 | message | semmle.label | message |
| tst.js:5:12:5:23 | message.name | semmle.label | message.name |
| tst.js:6:9:6:28 | window[message.name] | semmle.label | window[message.name] |
| tst.js:6:16:6:22 | message | semmle.label | message |
| tst.js:6:16:6:27 | message.name | semmle.label | message.name |
| tst.js:11:5:11:19 | f[message.name] | semmle.label | f[message.name] |
| tst.js:11:7:11:13 | message | semmle.label | message |
| tst.js:11:7:11:18 | message.name | semmle.label | message.name |
| tst.js:15:5:15:14 | window[ev] | semmle.label | window[ev] |
| tst.js:15:12:15:13 | ev | semmle.label | ev |
| tst.js:21:5:21:29 | window[ ... e.name] | semmle.label | window[ ... e.name] |
| tst.js:21:12:21:28 | '' + message.name | semmle.label | '' + message.name |
| tst.js:21:17:21:23 | message | semmle.label | message |
| tst.js:21:17:21:28 | message.name | semmle.label | message.name |
subpaths
#select
| example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | user-controlled value |
| tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value |


@@ -1,64 +1,25 @@
nodes
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:274:6:274:94 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') |
| tst.js:274:12:274:94 | s().val ... g , '') |
| tst.js:275:9:275:11 | arr |
| tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:244:9:244:33 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:253:21:253:45 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') |
| tst.js:274:6:274:94 | arr | semmle.label | arr |
| tst.js:274:12:274:94 | s().val ... g , '') | semmle.label | s().val ... g , '') |
| tst.js:275:9:275:11 | arr | semmle.label | arr |
| tst.js:275:9:275:21 | arr.join(" ") | semmle.label | arr.join(" ") |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | semmle.label | s().rep ... ;";\\n\\t}) |
edges
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr |
| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | provenance | |
| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | provenance | |
| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | provenance | |
subpaths
#select
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step |


@@ -1,227 +1,159 @@
nodes
| logInjectionBad.js:19:9:19:36 | q |
| logInjectionBad.js:19:13:19:36 | url.par ... , true) |
| logInjectionBad.js:19:23:19:29 | req.url |
| logInjectionBad.js:19:23:19:29 | req.url |
| logInjectionBad.js:20:9:20:35 | username |
| logInjectionBad.js:20:20:20:20 | q |
| logInjectionBad.js:20:20:20:26 | q.query |
| logInjectionBad.js:20:20:20:35 | q.query.username |
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` |
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` |
| logInjectionBad.js:22:34:22:41 | username |
| logInjectionBad.js:23:37:23:44 | username |
| logInjectionBad.js:23:37:23:44 | username |
| logInjectionBad.js:24:35:24:42 | username |
| logInjectionBad.js:24:35:24:42 | username |
| logInjectionBad.js:25:36:25:43 | username |
| logInjectionBad.js:25:36:25:43 | username |
| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) |
| logInjectionBad.js:28:24:28:31 | username |
| logInjectionBad.js:29:14:29:18 | error |
| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` |
| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` |
| logInjectionBad.js:30:42:30:46 | error |
| logInjectionBad.js:46:9:46:36 | q |
| logInjectionBad.js:46:13:46:36 | url.par ... , true) |
| logInjectionBad.js:46:23:46:29 | req.url |
| logInjectionBad.js:46:23:46:29 | req.url |
| logInjectionBad.js:47:9:47:35 | username |
| logInjectionBad.js:47:20:47:20 | q |
| logInjectionBad.js:47:20:47:26 | q.query |
| logInjectionBad.js:47:20:47:35 | q.query.username |
| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) |
| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) |
| logInjectionBad.js:49:46:49:53 | username |
| logInjectionBad.js:50:18:50:47 | colors. ... ername) |
| logInjectionBad.js:50:18:50:47 | colors. ... ername) |
| logInjectionBad.js:50:39:50:46 | username |
| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) |
| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) |
| logInjectionBad.js:51:27:51:56 | colors. ... ername) |
| logInjectionBad.js:51:48:51:55 | username |
| logInjectionBad.js:52:17:52:47 | underli ... name))) |
| logInjectionBad.js:52:17:52:47 | underli ... name))) |
| logInjectionBad.js:52:27:52:46 | bold(blue(username)) |
| logInjectionBad.js:52:32:52:45 | blue(username) |
| logInjectionBad.js:52:37:52:44 | username |
| logInjectionBad.js:53:17:53:76 | highlig ... true}) |
| logInjectionBad.js:53:17:53:76 | highlig ... true}) |
| logInjectionBad.js:53:27:53:34 | username |
| logInjectionBad.js:54:17:54:51 | clc.red ... ername) |
| logInjectionBad.js:54:17:54:51 | clc.red ... ername) |
| logInjectionBad.js:54:43:54:50 | username |
| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) |
| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) |
| logInjectionBad.js:55:27:55:56 | colors. ... ername) |
| logInjectionBad.js:55:48:55:55 | username |
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) |
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) |
| logInjectionBad.js:56:47:56:54 | username |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) |
| logInjectionBad.js:57:40:57:47 | username |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
| logInjectionBad.js:58:50:58:57 | username |
| logInjectionBad.js:63:9:63:36 | q |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:63:23:63:29 | req.url |
| logInjectionBad.js:63:23:63:29 | req.url |
| logInjectionBad.js:64:9:64:35 | username |
| logInjectionBad.js:64:20:64:20 | q |
| logInjectionBad.js:64:20:64:26 | q.query |
| logInjectionBad.js:64:20:64:35 | q.query.username |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:35:66:42 | username |
| logInjectionBad.js:72:9:72:36 | q |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:72:23:72:29 | req.url |
| logInjectionBad.js:72:23:72:29 | req.url |
| logInjectionBad.js:73:9:73:35 | username |
| logInjectionBad.js:73:20:73:20 | q |
| logInjectionBad.js:73:20:73:26 | q.query |
| logInjectionBad.js:73:20:73:35 | q.query.username |
| logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:122:9:122:58 | username |
| logInjectionBad.js:122:20:122:43 | url.par ... , true) |
| logInjectionBad.js:122:20:122:49 | url.par ... ).query |
| logInjectionBad.js:122:20:122:58 | url.par ... sername |
| logInjectionBad.js:122:30:122:36 | req.url |
| logInjectionBad.js:122:30:122:36 | req.url |
| logInjectionBad.js:123:9:123:46 | otherStr |
| logInjectionBad.js:123:20:123:27 | username |
| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) |
| logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] |
| logInjectionBad.js:124:17:124:24 | otherStr |
| logInjectionBad.js:124:17:124:24 | otherStr |
| logInjectionBad.js:128:20:128:43 | url.par ... , true) |
| logInjectionBad.js:128:20:128:49 | url.par ... ).query |
| logInjectionBad.js:128:20:128:58 | url.par ... sername |
| logInjectionBad.js:128:30:128:36 | req.url |
| logInjectionBad.js:128:30:128:36 | req.url |
| logInjectionBad.js:129:42:129:50 | RegExp.$1 |
| logInjectionBad.js:129:42:129:50 | RegExp.$1 |
edges
| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q |
| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q |
| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) |
| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username |
| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:20:20:26 | q.query |
| logInjectionBad.js:20:20:20:26 | q.query | logInjectionBad.js:20:20:20:35 | q.query.username |
| logInjectionBad.js:20:20:20:35 | q.query.username | logInjectionBad.js:20:9:20:35 | username |
| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` |
| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` |
| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error |
| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) |
| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error |
| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` |
| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` |
| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q |
| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q |
| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) |
| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username |
| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:20:47:26 | q.query |
| logInjectionBad.js:47:20:47:26 | q.query | logInjectionBad.js:47:20:47:35 | q.query.username |
| logInjectionBad.js:47:20:47:35 | q.query.username | logInjectionBad.js:47:9:47:35 | username |
| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) |
| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) |
| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) |
| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) |
| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) |
| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) |
| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) |
| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) |
| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) |
| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) |
| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) |
| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) |
| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) |
| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) |
| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) |
| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) |
| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) |
| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) |
| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) |
| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) |
| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) |
| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q |
| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username |
| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query |
| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username |
| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username |
| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q |
| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query |
| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username |
| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username |
| logInjectionBad.js:122:9:122:58 | username | logInjectionBad.js:123:20:123:27 | username |
| logInjectionBad.js:122:20:122:43 | url.par ... , true) | logInjectionBad.js:122:20:122:49 | url.par ... ).query |
| logInjectionBad.js:122:20:122:49 | url.par ... ).query | logInjectionBad.js:122:20:122:58 | url.par ... sername |
| logInjectionBad.js:122:20:122:58 | url.par ... sername | logInjectionBad.js:122:9:122:58 | username |
| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... , true) |
| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... , true) |
| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr |
| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr |
| logInjectionBad.js:123:20:123:27 | username | logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) |
| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] |
| logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] | logInjectionBad.js:123:9:123:46 | otherStr |
| logInjectionBad.js:128:20:128:43 | url.par ... , true) | logInjectionBad.js:128:20:128:49 | url.par ... ).query |
| logInjectionBad.js:128:20:128:49 | url.par ... ).query | logInjectionBad.js:128:20:128:58 | url.par ... sername |
| logInjectionBad.js:128:20:128:58 | url.par ... sername | logInjectionBad.js:129:42:129:50 | RegExp.$1 |
| logInjectionBad.js:128:20:128:58 | url.par ... sername | logInjectionBad.js:129:42:129:50 | RegExp.$1 |
| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) |
| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) |
| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | provenance | |
| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | provenance | |
| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | provenance | |
| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | provenance | |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | provenance | |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | provenance | |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | provenance | |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | provenance | |
| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | provenance | |
| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | provenance | |
| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | provenance | |
| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | provenance | |
| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | provenance | |
| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | provenance | |
| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | provenance | |
| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | provenance | |
| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | provenance | |
| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | provenance | |
| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | provenance | |
| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | provenance | |
| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | provenance | |
| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | provenance | |
| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | provenance | |
| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | provenance | |
| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | provenance | |
| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | provenance | |
| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | provenance | |
| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | provenance | |
| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | provenance | |
| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | provenance | |
| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | provenance | |
| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | provenance | |
| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | provenance | |
| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | provenance | |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | provenance | |
| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | provenance | |
| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | provenance | |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | provenance | |
| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | provenance | |
| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | provenance | |
| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | provenance | |
| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | provenance | |
| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | provenance | |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | provenance | |
| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | provenance | |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | |
| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | provenance | |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | provenance | |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | provenance | |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | provenance | |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | provenance | |
| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | provenance | |
| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | provenance | |
| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | provenance | |
| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | provenance | |
| logInjectionBad.js:122:9:122:58 | username | logInjectionBad.js:123:20:123:27 | username | provenance | |
| logInjectionBad.js:122:20:122:43 | url.par ... , true) | logInjectionBad.js:122:9:122:58 | username | provenance | |
| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... , true) | provenance | |
| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr | provenance | |
| logInjectionBad.js:123:20:123:27 | username | logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | provenance | |
| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | logInjectionBad.js:123:9:123:46 | otherStr | provenance | |
| logInjectionBad.js:128:20:128:43 | url.par ... , true) | logInjectionBad.js:129:42:129:50 | RegExp.$1 | provenance | |
| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) | provenance | |
nodes
| logInjectionBad.js:7:25:7:32 | username | semmle.label | username |
| logInjectionBad.js:8:38:8:45 | username | semmle.label | username |
| logInjectionBad.js:19:9:19:36 | q | semmle.label | q |
| logInjectionBad.js:19:13:19:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:19:23:19:29 | req.url | semmle.label | req.url |
| logInjectionBad.js:20:9:20:35 | username | semmle.label | username |
| logInjectionBad.js:20:20:20:20 | q | semmle.label | q |
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | semmle.label | `[INFO] ... rname}` |
| logInjectionBad.js:22:34:22:41 | username | semmle.label | username |
| logInjectionBad.js:23:37:23:44 | username | semmle.label | username |
| logInjectionBad.js:24:35:24:42 | username | semmle.label | username |
| logInjectionBad.js:25:36:25:43 | username | semmle.label | username |
| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | semmle.label | exceptional return of check_u ... ername) |
| logInjectionBad.js:28:24:28:31 | username | semmle.label | username |
| logInjectionBad.js:29:14:29:18 | error | semmle.label | error |
| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | semmle.label | `[ERROR ... rror}"` |
| logInjectionBad.js:30:42:30:46 | error | semmle.label | error |
| logInjectionBad.js:46:9:46:36 | q | semmle.label | q |
| logInjectionBad.js:46:13:46:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:46:23:46:29 | req.url | semmle.label | req.url |
| logInjectionBad.js:47:9:47:35 | username | semmle.label | username |
| logInjectionBad.js:47:20:47:20 | q | semmle.label | q |
| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | semmle.label | ansiCol ... ername) |
| logInjectionBad.js:49:46:49:53 | username | semmle.label | username |
| logInjectionBad.js:50:18:50:47 | colors. ... ername) | semmle.label | colors. ... ername) |
| logInjectionBad.js:50:39:50:46 | username | semmle.label | username |
| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | semmle.label | wrapAns ... e), 20) |
| logInjectionBad.js:51:27:51:56 | colors. ... ername) | semmle.label | colors. ... ername) |
| logInjectionBad.js:51:48:51:55 | username | semmle.label | username |
| logInjectionBad.js:52:17:52:47 | underli ... name))) | semmle.label | underli ... name))) |
| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | semmle.label | bold(blue(username)) |
| logInjectionBad.js:52:32:52:45 | blue(username) | semmle.label | blue(username) |
| logInjectionBad.js:52:37:52:44 | username | semmle.label | username |
| logInjectionBad.js:53:17:53:76 | highlig ... true}) | semmle.label | highlig ... true}) |
| logInjectionBad.js:53:27:53:34 | username | semmle.label | username |
| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | semmle.label | clc.red ... ername) |
| logInjectionBad.js:54:43:54:50 | username | semmle.label | username |
| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | semmle.label | sliceAn ... 20, 30) |
| logInjectionBad.js:55:27:55:56 | colors. ... ername) | semmle.label | colors. ... ername) |
| logInjectionBad.js:55:48:55:55 | username | semmle.label | username |
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | semmle.label | kleur.b ... ername) |
| logInjectionBad.js:56:47:56:54 | username | semmle.label | username |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | semmle.label | chalk.u ... ername) |
| logInjectionBad.js:57:40:57:47 | username | semmle.label | username |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | semmle.label | stripAn ... rname)) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | semmle.label | chalk.u ... ername) |
| logInjectionBad.js:58:50:58:57 | username | semmle.label | username |
| logInjectionBad.js:63:9:63:36 | q | semmle.label | q |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:63:23:63:29 | req.url | semmle.label | req.url |
| logInjectionBad.js:64:9:64:35 | username | semmle.label | username |
| logInjectionBad.js:64:20:64:20 | q | semmle.label | q |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | semmle.label | prettyj ... ername) |
| logInjectionBad.js:66:35:66:42 | username | semmle.label | username |
| logInjectionBad.js:72:9:72:36 | q | semmle.label | q |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:72:23:72:29 | req.url | semmle.label | req.url |
| logInjectionBad.js:73:9:73:35 | username | semmle.label | username |
| logInjectionBad.js:73:20:73:20 | q | semmle.label | q |
| logInjectionBad.js:75:15:75:22 | username | semmle.label | username |
| logInjectionBad.js:75:15:75:22 | username | semmle.label | username |
| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] |
| logInjectionBad.js:82:30:82:37 | username | semmle.label | username |
| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] |
| logInjectionBad.js:91:26:91:33 | username | semmle.label | username |
| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] |
| logInjectionBad.js:99:26:99:33 | username | semmle.label | username |
| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] |
| logInjectionBad.js:113:37:113:44 | username | semmle.label | username |
| logInjectionBad.js:122:9:122:58 | username | semmle.label | username |
| logInjectionBad.js:122:20:122:43 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:122:30:122:36 | req.url | semmle.label | req.url |
| logInjectionBad.js:123:9:123:46 | otherStr | semmle.label | otherStr |
| logInjectionBad.js:123:20:123:27 | username | semmle.label | username |
| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | semmle.label | usernam ... (/.*/g) |
| logInjectionBad.js:124:17:124:24 | otherStr | semmle.label | otherStr |
| logInjectionBad.js:128:20:128:43 | url.par ... , true) | semmle.label | url.par ... , true) |
| logInjectionBad.js:128:30:128:36 | req.url | semmle.label | req.url |
| logInjectionBad.js:129:42:129:50 | RegExp.$1 | semmle.label | RegExp.$1 |
subpaths
| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) |
#select
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |
| logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value |


@@ -1,85 +1,26 @@
nodes
| tst.js:5:15:5:30 | req.query.format |
| tst.js:5:15:5:30 | req.query.format |
| tst.js:5:15:5:30 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:6:26:6:41 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:7:15:7:30 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:8:17:8:32 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:9:16:9:31 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:10:12:10:27 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:11:32:11:47 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:12:21:12:36 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:13:35:13:50 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:14:29:14:44 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:15:30:15:45 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:16:26:16:41 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:17:30:17:45 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:18:38:18:53 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:20:17:20:32 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:21:16:21:31 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:22:17:22:32 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:24:25:24:40 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
| tst.js:26:34:26:49 | req.query.format |
edges
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format |
| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format |
| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format |
| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format |
| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format |
| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format |
| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format |
| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format |
| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format |
| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format |
| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format |
| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format |
| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format |
| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format |
| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format |
| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format |
| tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format |
| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format |
| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format |
nodes
| tst.js:5:15:5:30 | req.query.format | semmle.label | req.query.format |
| tst.js:6:26:6:41 | req.query.format | semmle.label | req.query.format |
| tst.js:7:15:7:30 | req.query.format | semmle.label | req.query.format |
| tst.js:8:17:8:32 | req.query.format | semmle.label | req.query.format |
| tst.js:9:16:9:31 | req.query.format | semmle.label | req.query.format |
| tst.js:10:12:10:27 | req.query.format | semmle.label | req.query.format |
| tst.js:11:32:11:47 | req.query.format | semmle.label | req.query.format |
| tst.js:12:21:12:36 | req.query.format | semmle.label | req.query.format |
| tst.js:13:35:13:50 | req.query.format | semmle.label | req.query.format |
| tst.js:14:29:14:44 | req.query.format | semmle.label | req.query.format |
| tst.js:15:30:15:45 | req.query.format | semmle.label | req.query.format |
| tst.js:16:26:16:41 | req.query.format | semmle.label | req.query.format |
| tst.js:17:30:17:45 | req.query.format | semmle.label | req.query.format |
| tst.js:18:38:18:53 | req.query.format | semmle.label | req.query.format |
| tst.js:20:17:20:32 | req.query.format | semmle.label | req.query.format |
| tst.js:21:16:21:31 | req.query.format | semmle.label | req.query.format |
| tst.js:22:17:22:32 | req.query.format | semmle.label | req.query.format |
| tst.js:24:25:24:40 | req.query.format | semmle.label | req.query.format |
| tst.js:25:33:25:48 | req.query.format | semmle.label | req.query.format |
| tst.js:26:34:26:49 | req.query.format | semmle.label | req.query.format |
subpaths
#select
| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on a $@. | tst.js:5:15:5:30 | req.query.format | user-provided value |
| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on a $@. | tst.js:6:26:6:41 | req.query.format | user-provided value |


@@ -1,143 +1,99 @@
nodes
| FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } |
| FileAccessToHttp.js:9:23:9:29 | content |
| bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) |
| bufferRead.js:15:15:15:62 | postData |
| bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) |
| bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:33:21:33:28 | postData |
| googlecompiler.js:7:19:7:28 | codestring |
| googlecompiler.js:9:7:15:4 | post_data |
| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) |
| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } |
| googlecompiler.js:14:21:14:30 | codestring |
| googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:44:54:44:57 | data |
| googlecompiler.js:44:54:44:57 | data |
| googlecompiler.js:56:14:56:17 | data |
| readFileSync.js:5:5:5:39 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") |
| readFileSync.js:7:7:7:25 | s |
| readFileSync.js:7:11:7:14 | data |
| readFileSync.js:7:11:7:25 | data.toString() |
| readFileSync.js:26:18:26:18 | s |
| readFileSync.js:26:18:26:18 | s |
| readStreamRead.js:13:13:13:35 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() |
| readStreamRead.js:13:21:13:35 | readable.read() |
| readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:30:19:30:23 | chunk |
| request.js:6:19:6:26 | jsonData |
| request.js:8:11:8:20 | {jsonData} |
| request.js:8:11:8:20 | {jsonData} |
| request.js:8:12:8:19 | jsonData |
| request.js:13:18:13:24 | xmlData |
| request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:22:11:22:17 | xmlData |
| request.js:28:52:28:55 | data |
| request.js:28:52:28:55 | data |
| request.js:35:14:35:17 | data |
| request.js:43:51:43:54 | data |
| request.js:43:51:43:54 | data |
| request.js:50:13:50:16 | data |
| sentAsHeaders.js:10:79:10:84 | buffer |
| sentAsHeaders.js:10:79:10:84 | buffer |
| sentAsHeaders.js:11:13:11:59 | content |
| sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) |
| sentAsHeaders.js:12:9:12:81 | content |
| sentAsHeaders.js:12:19:12:25 | content |
| sentAsHeaders.js:12:19:12:74 | content ... =", "") |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content |
| sentAsHeaders.js:18:47:18:53 | content |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content |
| sentAsHeaders.js:24:47:24:53 | content |
edges
| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData |
| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData |
| googlecompiler.js:7:19:7:28 | codestring | googlecompiler.js:14:21:14:30 | codestring |
| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data |
| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data |
| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) |
| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data |
| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring |
| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data |
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s |
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s |
| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() |
| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s |
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk |
| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData |
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} |
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} |
| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data |
| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data |
| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer |
| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content |
| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content |
| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content |
| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content |
| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") |
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } |
| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } |
| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content |
| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | provenance | |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | provenance | |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | |
| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | provenance | |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | provenance | |
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | provenance | |
| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | |
| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | provenance | |
| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | provenance | |
| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | provenance | |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | provenance | |
| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | provenance | |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | provenance | |
| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | provenance | |
| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | provenance | |
| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | provenance | |
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | |
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | |
| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | |
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | provenance | |
| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | provenance | |
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | |
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | provenance | |
| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | provenance | |
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | provenance | |
| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | provenance | |
| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | provenance | |
| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | provenance | |
| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | provenance | |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | provenance | |
| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | provenance | |
| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | provenance | |
| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | provenance | |
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | provenance | |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | provenance | |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | provenance | |
| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | provenance | |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | provenance | |
| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | provenance | |
nodes
| FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content |
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") |
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | semmle.label | {\\n hos ... ent }\\n} |
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | semmle.label | { Referer: content } [Referer] |
| FileAccessToHttp.js:9:23:9:29 | content | semmle.label | content |
| bufferRead.js:12:13:12:43 | buffer | semmle.label | buffer |
| bufferRead.js:12:22:12:43 | new Buf ... s.size) | semmle.label | new Buf ... s.size) |
| bufferRead.js:13:21:13:26 | buffer | semmle.label | buffer |
| bufferRead.js:13:32:13:37 | buffer | semmle.label | buffer |
| bufferRead.js:15:15:15:62 | postData | semmle.label | postData |
| bufferRead.js:15:26:15:31 | buffer | semmle.label | buffer |
| bufferRead.js:15:26:15:62 | buffer. ... esRead) | semmle.label | buffer. ... esRead) |
| bufferRead.js:33:21:33:28 | postData | semmle.label | postData |
| readFileSync.js:5:5:5:39 | data | semmle.label | data |
| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | semmle.label | fs.read ... t.txt") |
| readFileSync.js:7:7:7:25 | s | semmle.label | s |
| readFileSync.js:7:11:7:14 | data | semmle.label | data |
| readFileSync.js:7:11:7:25 | data.toString() | semmle.label | data.toString() |
| readFileSync.js:26:18:26:18 | s | semmle.label | s |
| readStreamRead.js:13:13:13:35 | chunk | semmle.label | chunk |
| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() |
| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk |
| request.js:6:19:6:26 | jsonData | semmle.label | jsonData |
| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} |
| request.js:8:12:8:19 | jsonData | semmle.label | jsonData |
| request.js:13:18:13:24 | xmlData | semmle.label | xmlData |
| request.js:16:11:23:3 | {\\n u ... ody\\n } | semmle.label | {\\n u ... ody\\n } |
| request.js:22:11:22:17 | xmlData | semmle.label | xmlData |
| request.js:28:52:28:55 | data | semmle.label | data |
| request.js:35:14:35:17 | data | semmle.label | data |
| request.js:43:51:43:54 | data | semmle.label | data |
| request.js:50:13:50:16 | data | semmle.label | data |
| sentAsHeaders.js:10:79:10:84 | buffer | semmle.label | buffer |
| sentAsHeaders.js:11:13:11:59 | content | semmle.label | content |
| sentAsHeaders.js:11:23:11:28 | buffer | semmle.label | buffer |
| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | semmle.label | buffer. ... esRead) |
| sentAsHeaders.js:12:9:12:81 | content | semmle.label | content |
| sentAsHeaders.js:12:19:12:25 | content | semmle.label | content |
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | semmle.label | content ... =", "") |
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | semmle.label | content ... .trim() |
| sentAsHeaders.js:14:20:19:9 | {\\n ... } | semmle.label | {\\n ... } |
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] |
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | semmle.label | "http:/ ... content |
| sentAsHeaders.js:18:47:18:53 | content | semmle.label | content |
| sentAsHeaders.js:20:20:25:9 | {\\n ... } | semmle.label | {\\n ... } |
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] |
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | semmle.label | "http:/ ... content |
| sentAsHeaders.js:24:47:24:53 | content | semmle.label | content |
subpaths
#select
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data |
| bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data |
| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@. | googlecompiler.js:44:54:44:57 | data | file data |
| readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data |
| readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data |
| request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data |


@@ -1,34 +1,18 @@
nodes
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:5:14:5:21 | password |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar.js:1:27:1:34 | userName |
edges
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password |
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data |
| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey |
| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName |
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | |
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | |
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | |
| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | |
nodes
| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password |
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | semmle.label | [post update] data [foo] |
| PostMessageStar2.js:5:14:5:21 | password | semmle.label | password |
| PostMessageStar2.js:8:29:8:32 | data | semmle.label | data |
| PostMessageStar2.js:9:29:9:32 | data [foo] | semmle.label | data [foo] |
| PostMessageStar2.js:9:29:9:36 | data.foo | semmle.label | data.foo |
| PostMessageStar2.js:13:27:13:33 | authKey | semmle.label | authKey |
| PostMessageStar.js:1:27:1:34 | userName | semmle.label | userName |
subpaths
#select
| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | Sensitive data |
| PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | Sensitive data |


@@ -1,33 +1,22 @@
nodes
| node.js:8:10:8:12 | err |
| node.js:8:10:8:12 | err |
| node.js:11:13:11:15 | err |
| node.js:11:13:11:21 | err.stack |
| node.js:11:13:11:21 | err.stack |
| tst.js:6:12:6:12 | e |
| tst.js:6:12:6:12 | e |
| tst.js:7:13:7:13 | e |
| tst.js:7:13:7:13 | e |
| tst.js:8:15:8:15 | e |
| tst.js:16:20:16:20 | e |
| tst.js:17:11:17:11 | e |
| tst.js:17:11:17:17 | e.stack |
| tst.js:17:11:17:17 | e.stack |
edges
| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err |
| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e |
| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e |
| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e |
| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack |
| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | provenance | |
| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | provenance | |
| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | provenance | |
| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | provenance | |
| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | provenance | |
| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | provenance | |
| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | provenance | |
nodes
| node.js:8:10:8:12 | err | semmle.label | err |
| node.js:11:13:11:15 | err | semmle.label | err |
| node.js:11:13:11:21 | err.stack | semmle.label | err.stack |
| tst.js:6:12:6:12 | e | semmle.label | e |
| tst.js:7:13:7:13 | e | semmle.label | e |
| tst.js:8:15:8:15 | e | semmle.label | e |
| tst.js:16:20:16:20 | e | semmle.label | e |
| tst.js:17:11:17:11 | e | semmle.label | e |
| tst.js:17:11:17:17 | e.stack | semmle.label | e.stack |
subpaths
#select
| node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. | node.js:8:10:8:12 | err | stack trace information |
| tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information |


@@ -1,67 +1,58 @@
nodes
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} |
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) |
| build-leaks.js:5:35:5:45 | process.env |
| build-leaks.js:5:35:5:45 | process.env |
| build-leaks.js:13:11:19:10 | raw |
| build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:14:18:14:20 | env |
| build-leaks.js:15:24:15:34 | process.env |
| build-leaks.js:15:24:15:34 | process.env |
| build-leaks.js:15:24:15:39 | process.env[key] |
| build-leaks.js:16:20:16:22 | env |
| build-leaks.js:21:11:26:5 | stringifed |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:22:49:22:51 | env |
| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) |
| build-leaks.js:23:39:23:41 | raw |
| build-leaks.js:23:39:23:46 | raw[key] |
| build-leaks.js:24:20:24:22 | env |
| build-leaks.js:30:22:30:31 | stringifed |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified |
| build-leaks.js:40:9:40:60 | pw |
| build-leaks.js:40:14:40:60 | url.par ... assword |
| build-leaks.js:40:14:40:60 | url.par ... assword |
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) |
| build-leaks.js:41:82:41:83 | pw |
edges
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} |
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) |
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) |
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:23:39:23:41 | raw |
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw |
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] |
| build-leaks.js:15:24:15:39 | process.env[key] | build-leaks.js:14:18:14:20 | env |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env |
| build-leaks.js:21:11:26:5 | stringifed | build-leaks.js:30:22:30:31 | stringifed |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | build-leaks.js:21:11:26:5 | stringifed |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } |
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env |
| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | build-leaks.js:22:49:22:51 | env |
| build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env |
| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:39:23:46 | raw[key] |
| build-leaks.js:23:39:23:46 | raw[key] | build-leaks.js:23:24:23:47 | JSON.st ... w[key]) |
| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:49:22:51 | env |
| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified |
| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified |
| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw |
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw |
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } |
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | |
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | |
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | |
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | |
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:16:20:16:22 | env | provenance | |
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | |
| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | |
| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | Config |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | |
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | |
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:24:20:24:22 | env | provenance | |
| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config |
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | |
| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | |
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | |
| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | |
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | |
nodes
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} |
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) |
| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env |
| build-leaks.js:13:11:19:10 | raw | semmle.label | raw |
| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) |
| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env |
| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env |
| build-leaks.js:16:20:16:22 | env | semmle.label | env |
| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] |
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] |
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) |
| build-leaks.js:22:36:22:38 | raw | semmle.label | raw |
| build-leaks.js:22:49:22:51 | env | semmle.label | env |
| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env |
| build-leaks.js:23:39:23:41 | raw | semmle.label | raw |
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] |
| build-leaks.js:30:22:30:31 | stringifed [process.env] | semmle.label | stringifed [process.env] |
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | semmle.label | getEnv('production') [stringified, process.env] |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | semmle.label | getEnv( ... ngified |
| build-leaks.js:40:9:40:60 | pw | semmle.label | pw |
| build-leaks.js:40:14:40:60 | url.par ... assword | semmle.label | url.par ... assword |
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } |
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) |
| build-leaks.js:41:82:41:83 | pw | semmle.label | pw |
subpaths
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
#select
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |


@@ -1,308 +1,182 @@
nodes
| passwords.js:2:17:2:24 | password |
| passwords.js:2:17:2:24 | password |
| passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x |
| passwords.js:8:21:8:21 | x |
| passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password |
| passwords.js:10:11:10:18 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:12:18:12:25 | password |
| passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password |
| passwords.js:14:31:14:38 | password |
| passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password |
| passwords.js:16:29:16:36 | password |
| passwords.js:18:9:20:5 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } |
| passwords.js:18:16:20:5 | {\\n ... x\\n } |
| passwords.js:21:17:21:20 | obj1 |
| passwords.js:21:17:21:20 | obj1 |
| passwords.js:23:9:25:5 | obj2 |
| passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:24:12:24:19 | password |
| passwords.js:24:12:24:19 | password |
| passwords.js:26:17:26:20 | obj2 |
| passwords.js:26:17:26:20 | obj2 |
| passwords.js:28:9:28:17 | obj3 |
| passwords.js:28:16:28:17 | {} |
| passwords.js:29:17:29:20 | obj3 |
| passwords.js:29:17:29:20 | obj3 |
| passwords.js:30:14:30:21 | password |
| passwords.js:30:14:30:21 | password |
| passwords.js:77:37:77:53 | req.body.password |
| passwords.js:77:37:77:53 | req.body.password |
| passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:80:9:80:25 | secret |
| passwords.js:80:18:80:25 | password |
| passwords.js:80:18:80:25 | password |
| passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:24:81:29 | secret |
| passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password |
| passwords.js:93:39:93:46 | password |
| passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password |
| passwords.js:98:39:98:46 | password |
| passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password |
| passwords.js:105:39:105:46 | password |
| passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password |
| passwords.js:110:39:110:46 | password |
| passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password |
| passwords.js:114:43:114:50 | password |
| passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password |
| passwords.js:119:39:119:46 | password |
| passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:31:122:38 | password |
| passwords.js:122:31:122:38 | password |
| passwords.js:122:31:122:49 | password.toString() |
| passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:31:123:38 | password |
| passwords.js:123:31:123:38 | password |
| passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password |
| passwords.js:130:12:130:19 | password |
| passwords.js:131:12:131:24 | getPassword() |
| passwords.js:131:12:131:24 | getPassword() |
| passwords.js:135:17:135:22 | config |
| passwords.js:135:17:135:22 | config |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:136:17:136:24 | config.x |
| passwords.js:137:17:137:24 | config.y |
| passwords.js:137:17:137:24 | config.y |
| passwords.js:142:26:142:34 | arguments |
| passwords.js:142:26:142:34 | arguments |
| passwords.js:147:12:147:19 | password |
| passwords.js:147:12:147:19 | password |
| passwords.js:149:21:149:28 | config.x |
| passwords.js:150:21:150:31 | process.env |
| passwords.js:150:21:150:31 | process.env |
| passwords.js:152:9:152:63 | procdesc |
| passwords.js:152:20:152:44 | Util.in ... ss.env) |
| passwords.js:152:20:152:63 | Util.in ... /g, '') |
| passwords.js:152:33:152:43 | process.env |
| passwords.js:152:33:152:43 | process.env |
| passwords.js:154:21:154:28 | procdesc |
| passwords.js:156:17:156:27 | process.env |
| passwords.js:156:17:156:27 | process.env |
| passwords.js:156:17:156:27 | process.env |
| passwords.js:163:14:163:21 | password |
| passwords.js:163:14:163:21 | password |
| passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password |
| passwords.js:164:14:164:21 | password |
| passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password |
| passwords.js:169:17:169:24 | password |
| passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password |
| passwords.js:170:11:170:18 | password |
| passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:173:17:173:26 | myPassword |
| passwords.js:173:17:173:26 | myPassword |
| passwords.js:173:17:173:26 | myPassword |
| passwords.js:176:17:176:26 | myPasscode |
| passwords.js:176:17:176:26 | myPasscode |
| passwords.js:176:17:176:26 | myPasscode |
| passwords.js:182:14:182:21 | password |
| passwords.js:182:14:182:21 | password |
| passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password |
| passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:8:17:8:17 | x |
| passwords_in_server_5.js:8:17:8:17 | x |
edges
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password |
| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x |
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` |
| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 |
| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 |
| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 |
| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 |
| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 |
| passwords.js:23:16:25:5 | {\\n ... d\\n } | passwords.js:23:9:25:5 | obj2 |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } |
| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 |
| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 |
| passwords.js:28:16:28:17 | {} | passwords.js:28:9:28:17 | obj3 |
| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} |
| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword |
| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret |
| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret |
| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret |
| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword |
| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() |
| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() |
| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() |
| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() |
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y |
| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x |
| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments |
| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc |
| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') |
| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc |
| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) |
| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments |
| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") |
| passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword |
| passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode |
| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") |
| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password |
| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password |
| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password |
| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password |
| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password |
| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x |
| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | provenance | |
| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | provenance | |
| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | provenance | |
| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | provenance | |
| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | provenance | |
| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | provenance | |
| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | provenance | |
| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance | |
| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | provenance | |
| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | provenance | |
| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance | |
| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | provenance | |
| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance | |
| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... assword | provenance | |
| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | provenance | |
| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | provenance | |
| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | provenance | |
| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | provenance | |
| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | provenance | |
| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | provenance | |
| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | provenance | |
| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | provenance | |
| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | provenance | |
| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | provenance | |
| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | provenance | |
| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | provenance | |
| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | provenance | |
| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config | provenance | |
| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config | provenance | |
| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | provenance | |
| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config | provenance | |
| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | provenance | |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | provenance | |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | provenance | |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | provenance | |
| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | provenance | |
| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | provenance | |
| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | provenance | |
| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | provenance | |
| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | |
| passwords.js:142:26:142:34 | arguments | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [0] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | provenance | |
| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | provenance | |
| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | provenance | |
| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | provenance | |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | provenance | |
| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | provenance | |
| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | provenance | |
| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | provenance | |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | provenance | |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | provenance | |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | provenance | |
| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | provenance | |
| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | provenance | |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | provenance | |
| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | provenance | |
nodes
| passwords.js:2:17:2:24 | password | semmle.label | password |
| passwords.js:3:17:3:26 | o.password | semmle.label | o.password |
| passwords.js:4:17:4:29 | getPassword() | semmle.label | getPassword() |
| passwords.js:5:17:5:31 | o.getPassword() | semmle.label | o.getPassword() |
| passwords.js:7:20:7:20 | x | semmle.label | x |
| passwords.js:8:21:8:21 | x | semmle.label | x |
| passwords.js:10:11:10:18 | password | semmle.label | password |
| passwords.js:12:18:12:25 | password | semmle.label | password |
| passwords.js:14:17:14:38 | name + ... assword | semmle.label | name + ... assword |
| passwords.js:14:31:14:38 | password | semmle.label | password |
| passwords.js:16:17:16:38 | `${name ... sword}` | semmle.label | `${name ... sword}` |
| passwords.js:16:29:16:36 | password | semmle.label | password |
| passwords.js:18:9:20:5 | obj1 [password] | semmle.label | obj1 [password] |
| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | semmle.label | {\\n ... x\\n } [password] |
| passwords.js:19:19:19:19 | x | semmle.label | x |
| passwords.js:21:17:21:20 | obj1 | semmle.label | obj1 |
| passwords.js:23:9:25:5 | obj2 [x] | semmle.label | obj2 [x] |
| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] |
| passwords.js:24:12:24:19 | password | semmle.label | password |
| passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 |
| passwords.js:77:9:77:55 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] |
| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] |
| passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password |
| passwords.js:78:17:78:20 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] |
| passwords.js:78:17:78:38 | temp.en ... assword | semmle.label | temp.en ... assword |
| passwords.js:80:9:80:25 | secret | semmle.label | secret |
| passwords.js:80:18:80:25 | password | semmle.label | password |
| passwords.js:81:17:81:31 | `pw: ${secret}` | semmle.label | `pw: ${secret}` |
| passwords.js:81:24:81:29 | secret | semmle.label | secret |
| passwords.js:93:21:93:46 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:93:39:93:46 | password | semmle.label | password |
| passwords.js:98:21:98:46 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:98:39:98:46 | password | semmle.label | password |
| passwords.js:105:21:105:46 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:105:39:105:46 | password | semmle.label | password |
| passwords.js:110:21:110:46 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:110:39:110:46 | password | semmle.label | password |
| passwords.js:114:25:114:50 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:114:43:114:50 | password | semmle.label | password |
| passwords.js:119:21:119:46 | "Passwo ... assword | semmle.label | "Passwo ... assword |
| passwords.js:119:39:119:46 | password | semmle.label | password |
| passwords.js:122:17:122:49 | name + ... tring() | semmle.label | name + ... tring() |
| passwords.js:122:31:122:38 | password | semmle.label | password |
| passwords.js:122:31:122:49 | password.toString() | semmle.label | password.toString() |
| passwords.js:123:17:123:48 | name + ... lueOf() | semmle.label | name + ... lueOf() |
| passwords.js:123:31:123:38 | password | semmle.label | password |
| passwords.js:123:31:123:48 | password.valueOf() | semmle.label | password.valueOf() |
| passwords.js:127:9:132:5 | config [password] | semmle.label | config [password] |
| passwords.js:127:9:132:5 | config [x] | semmle.label | config [x] |
| passwords.js:127:9:132:5 | config [y] | semmle.label | config [y] |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | semmle.label | {\\n ... )\\n } [password] |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | semmle.label | {\\n ... )\\n } [x] |
| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | semmle.label | {\\n ... )\\n } [y] |
| passwords.js:128:19:128:19 | x | semmle.label | x |
| passwords.js:130:12:130:19 | password | semmle.label | password |
| passwords.js:131:12:131:24 | getPassword() | semmle.label | getPassword() |
| passwords.js:135:17:135:22 | config | semmle.label | config |
| passwords.js:136:17:136:22 | config [x] | semmle.label | config [x] |
| passwords.js:136:17:136:24 | config.x | semmle.label | config.x |
| passwords.js:137:17:137:22 | config [y] | semmle.label | config [y] |
| passwords.js:137:17:137:24 | config.y | semmle.label | config.y |
| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] |
| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] |
| passwords.js:142:26:142:34 | arguments | semmle.label | arguments |
| passwords.js:142:26:142:34 | arguments | semmle.label | arguments |
| passwords.js:142:26:142:34 | arguments [0] | semmle.label | arguments [0] |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] |
| passwords.js:146:9:148:5 | config [x] | semmle.label | config [x] |
| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] |
| passwords.js:147:12:147:19 | password | semmle.label | password |
| passwords.js:149:21:149:26 | config [x] | semmle.label | config [x] |
| passwords.js:149:21:149:28 | config.x | semmle.label | config.x |
| passwords.js:150:21:150:31 | process.env | semmle.label | process.env |
| passwords.js:152:9:152:63 | procdesc | semmle.label | procdesc |
| passwords.js:152:20:152:44 | Util.in ... ss.env) | semmle.label | Util.in ... ss.env) |
| passwords.js:152:20:152:63 | Util.in ... /g, '') | semmle.label | Util.in ... /g, '') |
| passwords.js:152:33:152:43 | process.env | semmle.label | process.env |
| passwords.js:154:21:154:28 | procdesc | semmle.label | procdesc |
| passwords.js:156:17:156:27 | process.env | semmle.label | process.env |
| passwords.js:163:14:163:21 | password | semmle.label | password |
| passwords.js:163:14:163:41 | passwor ... g, "*") | semmle.label | passwor ... g, "*") |
| passwords.js:164:14:164:21 | password | semmle.label | password |
| passwords.js:164:14:164:42 | passwor ... g, "*") | semmle.label | passwor ... g, "*") |
| passwords.js:169:17:169:24 | password | semmle.label | password |
| passwords.js:169:17:169:45 | passwor ... g, "*") | semmle.label | passwor ... g, "*") |
| passwords.js:170:11:170:18 | password | semmle.label | password |
| passwords.js:170:11:170:39 | passwor ... g, "*") | semmle.label | passwor ... g, "*") |
| passwords.js:173:17:173:26 | myPassword | semmle.label | myPassword |
| passwords.js:176:17:176:26 | myPasscode | semmle.label | myPasscode |
| passwords.js:182:14:182:21 | password | semmle.label | password |
| passwords.js:182:14:182:51 | passwor ... ), "*") | semmle.label | passwor ... ), "*") |
| passwords_in_browser1.js:2:13:2:20 | password | semmle.label | password |
| passwords_in_browser2.js:2:13:2:20 | password | semmle.label | password |
| passwords_in_server_1.js:6:13:6:20 | password | semmle.label | password |
| passwords_in_server_2.js:3:13:3:20 | password | semmle.label | password |
| passwords_in_server_3.js:2:13:2:20 | password | semmle.label | password |
| passwords_in_server_4.js:2:13:2:20 | password | semmle.label | password |
| passwords_in_server_5.js:4:7:4:24 | req.query.password | semmle.label | req.query.password |
| passwords_in_server_5.js:7:12:7:12 | x | semmle.label | x |
| passwords_in_server_5.js:8:17:8:17 | x | semmle.label | x |
subpaths
#select
| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:2:17:2:24 | password | an access to password |
| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | This logs sensitive data returned by $@ as clear text. | passwords.js:3:17:3:26 | o.password | an access to password |
@@ -312,9 +186,8 @@ edges
| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:12:18:12:25 | password | an access to password |
| passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:14:31:14:38 | password | an access to password |
| passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password |
| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:18:16:20:5 | {\\n ... x\\n } | an access to password |
| passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password |
| passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password |
| passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password |
| passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password |
| passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | This logs sensitive data returned by $@ as clear text. | passwords.js:80:18:80:25 | password | an access to password |
| passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:93:39:93:46 | password | an access to password |
@@ -325,7 +198,7 @@ edges
| passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:119:39:119:46 | password | an access to password |
| passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | This logs sensitive data returned by $@ as clear text. | passwords.js:122:31:122:38 | password | an access to password |
| passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | This logs sensitive data returned by $@ as clear text. | passwords.js:123:31:123:38 | password | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:127:18:132:5 | {\\n ... )\\n } | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:128:19:128:19 | x | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:128:19:128:19 | x | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password |
| passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword |
| passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password |


@@ -1,57 +1,26 @@
nodes
| CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword |
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:33:7:34 | pw |
| CleartextStorage.js:5:7:5:40 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") |
| CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:7:26:7:27 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-angularjs.js:6:33:6:46 | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password |
edges
| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw |
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw |
| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password | tst-angularjs.js:6:33:6:46 | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password | tst-webstorage.js:1:18:1:30 | data.password |
| tst-webstorage.js:2:27:2:39 | data.password | tst-webstorage.js:2:27:2:39 | data.password |
| tst-webstorage.js:3:20:3:32 | data.password | tst-webstorage.js:3:20:3:32 | data.password |
| tst-webstorage.js:4:29:4:41 | data.password | tst-webstorage.js:4:29:4:41 | data.password |
| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | provenance | |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | provenance | |
| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | provenance | |
| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | provenance | |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | provenance | |
nodes
| CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw |
| CleartextStorage2.js:5:12:5:58 | url.par ... assword | semmle.label | url.par ... assword |
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | semmle.label | 'password=' + pw |
| CleartextStorage2.js:7:33:7:34 | pw | semmle.label | pw |
| CleartextStorage.js:5:7:5:40 | pw | semmle.label | pw |
| CleartextStorage.js:5:12:5:40 | req.par ... sword") | semmle.label | req.par ... sword") |
| CleartextStorage.js:7:26:7:27 | pw | semmle.label | pw |
| tst-angularjs.js:3:32:3:45 | data1.password | semmle.label | data1.password |
| tst-angularjs.js:4:33:4:46 | data2.password | semmle.label | data2.password |
| tst-angularjs.js:5:27:5:40 | data3.password | semmle.label | data3.password |
| tst-angularjs.js:6:33:6:46 | data4.password | semmle.label | data4.password |
| tst-webstorage.js:1:18:1:30 | data.password | semmle.label | data.password |
| tst-webstorage.js:2:27:2:39 | data.password | semmle.label | data.password |
| tst-webstorage.js:3:20:3:32 | data.password | semmle.label | data.password |
| tst-webstorage.js:4:29:4:41 | data.password | semmle.label | data.password |
subpaths
#select
| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password |
| CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param |


@@ -26,7 +26,7 @@
console.log(obj2); // NOT OK
var obj3 = {};
console.log(obj3); // OK - but still flagged due to flow-insensitive field-analysis. [INCONSISTENCY]
console.log(obj3); // OK
obj3.x = password;
var fixed_password = "123";
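Review bot: The bare `// OK` on `console.log(obj3);` no longer says why the call is expected to be clean, and the following `obj3.x = password;` makes that expectation easy to misread as a missed alert. I would keep a short reason on the line, for example `console.log(obj3); // OK - obj3.x is assigned the password only after this call`. The page shows both comment variants without `+`/`-` markers, so I am assuming the `[INCONSISTENCY]` line is the removed one; that would match the obj3 row in the `#select` listing of the logging expectations being dropped. The enclosing code starts and ends outside the hunk.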


@@ -1,30 +1,15 @@
nodes
| tst.js:3:5:3:24 | secretText |
| tst.js:3:18:3:24 | trusted |
| tst.js:3:18:3:24 | trusted |
| tst.js:11:17:11:26 | secretText |
| tst.js:11:17:11:26 | secretText |
| tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:17:17:17:25 | o.trusted |
| tst.js:19:17:19:24 | password |
| tst.js:19:17:19:24 | password |
| tst.js:19:17:19:24 | password |
| tst.js:22:21:22:30 | secretText |
| tst.js:22:21:22:30 | secretText |
| tst.js:22:21:22:30 | secretText |
edges
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText |
| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText |
| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted |
| tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password |
| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText |
| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | provenance | |
| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | provenance | |
| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | provenance | |
nodes
| tst.js:3:5:3:24 | secretText | semmle.label | secretText |
| tst.js:3:18:3:24 | trusted | semmle.label | trusted |
| tst.js:11:17:11:26 | secretText | semmle.label | secretText |
| tst.js:17:17:17:25 | o.trusted | semmle.label | o.trusted |
| tst.js:19:17:19:24 | password | semmle.label | password |
| tst.js:22:21:22:30 | secretText | semmle.label | secretText |
subpaths
#select
| tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | $@ depends on $@. | tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:3:18:3:24 | trusted | sensitive data from an access to trusted |
| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | $@ depends on $@. | tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:11:17:11:26 | secretText | sensitive data from an access to secretText |


@@ -1,176 +1,93 @@
nodes
| tst.js:2:20:2:32 | Math.random() |
| tst.js:2:20:2:32 | Math.random() |
| tst.js:2:20:2:32 | Math.random() |
| tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() |
| tst.js:6:31:6:43 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix |
| tst.js:19:18:19:30 | Math.random() |
| tst.js:19:18:19:30 | Math.random() |
| tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:31:20:36 | suffix |
| tst.js:28:9:28:26 | pw |
| tst.js:28:14:28:26 | Math.random() |
| tst.js:28:14:28:26 | Math.random() |
| tst.js:29:20:29:21 | pw |
| tst.js:29:20:29:21 | pw |
| tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() |
| tst.js:41:21:41:33 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:55:17:55:29 | Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() |
| tst.js:61:22:61:34 | Math.random() |
| tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() |
| tst.js:66:29:66:41 | Math.random() |
| tst.js:71:9:71:48 | rand |
| tst.js:71:16:71:48 | Math.fl ... 999999) |
| tst.js:71:27:71:39 | Math.random() |
| tst.js:71:27:71:39 | Math.random() |
| tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:72:9:72:48 | concat |
| tst.js:72:18:72:48 | ts.toSt ... tring() |
| tst.js:72:34:72:37 | rand |
| tst.js:72:34:72:48 | rand.toString() |
| tst.js:73:23:73:28 | concat |
| tst.js:73:23:73:28 | concat |
| tst.js:77:16:77:21 | secret |
| tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() |
| tst.js:80:7:80:19 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:95:33:95:45 | Math.random() |
| tst.js:115:16:115:56 | Math.fl ... 00_000) |
| tst.js:115:16:115:56 | Math.fl ... 00_000) |
| tst.js:115:27:115:39 | Math.random() |
| tst.js:115:27:115:39 | Math.random() |
| tst.js:115:27:115:55 | Math.ra ... 000_000 |
| tst.js:116:22:116:62 | Math.fl ... 00_000) |
| tst.js:116:22:116:62 | Math.fl ... 00_000) |
| tst.js:116:33:116:45 | Math.random() |
| tst.js:116:33:116:45 | Math.random() |
| tst.js:116:33:116:61 | Math.ra ... 000_000 |
| tst.js:117:15:117:55 | Math.fl ... 00_000) |
| tst.js:117:15:117:55 | Math.fl ... 00_000) |
| tst.js:117:26:117:38 | Math.random() |
| tst.js:117:26:117:38 | Math.random() |
| tst.js:117:26:117:54 | Math.ra ... 000_000 |
| tst.js:118:23:118:63 | Math.fl ... 00_000) |
| tst.js:118:23:118:63 | Math.fl ... 00_000) |
| tst.js:118:34:118:46 | Math.random() |
| tst.js:118:34:118:46 | Math.random() |
| tst.js:118:34:118:62 | Math.ra ... 000_000 |
| tst.js:120:16:120:28 | Math.random() |
| tst.js:120:16:120:28 | Math.random() |
| tst.js:120:16:120:28 | Math.random() |
| tst.js:121:18:121:30 | Math.random() |
| tst.js:121:18:121:30 | Math.random() |
| tst.js:121:18:121:30 | Math.random() |
| tst.js:136:9:136:67 | password |
| tst.js:136:9:136:67 | password |
| tst.js:136:21:136:67 | chars[M ... ength)] |
| tst.js:136:27:136:66 | Math.fl ... length) |
| tst.js:136:38:136:50 | Math.random() |
| tst.js:136:38:136:50 | Math.random() |
| tst.js:136:38:136:65 | Math.ra ... .length |
edges
| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() |
| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() |
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 |
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix |
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix |
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() |
| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() |
| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() |
| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) |
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand |
| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand |
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 |
| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) |
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat |
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat |
| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat |
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() |
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() |
| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret |
| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() |
| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() |
| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() |
| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 |
| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 |
| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) |
| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) |
| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 |
| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 |
| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) |
| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) |
| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 |
| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 |
| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) |
| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) |
| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 |
| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 |
| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) |
| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) |
| tst.js:120:16:120:28 | Math.random() | tst.js:120:16:120:28 | Math.random() |
| tst.js:121:18:121:30 | Math.random() | tst.js:121:18:121:30 | Math.random() |
| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password |
| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password |
| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] |
| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length |
| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length |
| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) |
| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | Config |
| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | |
| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | Config |
| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | |
| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | Config |
| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | |
| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | |
| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | Config |
| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | Config |
| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | Config |
| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | |
| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | |
| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | Config |
| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | Config |
| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | |
| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | provenance | |
| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | Config |
| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | Config |
| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | |
| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | |
| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | Config |
| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | Config |
| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | Config |
| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | Config |
| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | Config |
| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | Config |
| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | Config |
| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | Config |
| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | Config |
| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | Config |
| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | Config |
| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | Config |
nodes
| tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() |
| tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() |
| tst.js:6:31:6:43 | Math.random() | semmle.label | Math.random() |
| tst.js:10:20:10:32 | Math.random() | semmle.label | Math.random() |
| tst.js:19:9:19:36 | suffix | semmle.label | suffix |
| tst.js:19:18:19:30 | Math.random() | semmle.label | Math.random() |
| tst.js:19:18:19:36 | Math.random() % 255 | semmle.label | Math.random() % 255 |
| tst.js:20:20:20:36 | "prefix" + suffix | semmle.label | "prefix" + suffix |
| tst.js:20:31:20:36 | suffix | semmle.label | suffix |
| tst.js:28:9:28:26 | pw | semmle.label | pw |
| tst.js:28:14:28:26 | Math.random() | semmle.label | Math.random() |
| tst.js:29:20:29:21 | pw | semmle.label | pw |
| tst.js:41:20:41:33 | !Math.random() | semmle.label | !Math.random() |
| tst.js:41:21:41:33 | Math.random() | semmle.label | Math.random() |
| tst.js:45:18:45:30 | Math.random() | semmle.label | Math.random() |
| tst.js:50:16:50:28 | Math.random() | semmle.label | Math.random() |
| tst.js:55:17:55:29 | Math.random() | semmle.label | Math.random() |
| tst.js:61:17:61:34 | '' + Math.random() | semmle.label | '' + Math.random() |
| tst.js:61:22:61:34 | Math.random() | semmle.label | Math.random() |
| tst.js:66:18:66:42 | Math.fl ... ndom()) | semmle.label | Math.fl ... ndom()) |
| tst.js:66:29:66:41 | Math.random() | semmle.label | Math.random() |
| tst.js:71:9:71:48 | rand | semmle.label | rand |
| tst.js:71:16:71:48 | Math.fl ... 999999) | semmle.label | Math.fl ... 999999) |
| tst.js:71:27:71:39 | Math.random() | semmle.label | Math.random() |
| tst.js:71:27:71:47 | Math.ra ... 9999999 | semmle.label | Math.ra ... 9999999 |
| tst.js:72:9:72:48 | concat | semmle.label | concat |
| tst.js:72:18:72:48 | ts.toSt ... tring() | semmle.label | ts.toSt ... tring() |
| tst.js:72:34:72:37 | rand | semmle.label | rand |
| tst.js:72:34:72:48 | rand.toString() | semmle.label | rand.toString() |
| tst.js:73:23:73:28 | concat | semmle.label | concat |
| tst.js:77:16:77:21 | secret | semmle.label | secret |
| tst.js:77:16:77:21 | secret | semmle.label | secret |
| tst.js:80:7:80:19 | Math.random() | semmle.label | Math.random() |
| tst.js:84:19:84:31 | Math.random() | semmle.label | Math.random() |
| tst.js:90:32:90:44 | Math.random() | semmle.label | Math.random() |
| tst.js:95:33:95:45 | Math.random() | semmle.label | Math.random() |
| tst.js:115:16:115:56 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) |
| tst.js:115:27:115:39 | Math.random() | semmle.label | Math.random() |
| tst.js:115:27:115:55 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 |
| tst.js:116:22:116:62 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) |
| tst.js:116:33:116:45 | Math.random() | semmle.label | Math.random() |
| tst.js:116:33:116:61 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 |
| tst.js:117:15:117:55 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) |
| tst.js:117:26:117:38 | Math.random() | semmle.label | Math.random() |
| tst.js:117:26:117:54 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 |
| tst.js:118:23:118:63 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) |
| tst.js:118:34:118:46 | Math.random() | semmle.label | Math.random() |
| tst.js:118:34:118:62 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 |
| tst.js:120:16:120:28 | Math.random() | semmle.label | Math.random() |
| tst.js:121:18:121:30 | Math.random() | semmle.label | Math.random() |
| tst.js:136:9:136:67 | password | semmle.label | password |
| tst.js:136:21:136:67 | chars[M ... ength)] | semmle.label | chars[M ... ength)] |
| tst.js:136:27:136:66 | Math.fl ... length) | semmle.label | Math.fl ... length) |
| tst.js:136:38:136:50 | Math.random() | semmle.label | Math.random() |
| tst.js:136:38:136:65 | Math.ra ... .length | semmle.label | Math.ra ... .length |
subpaths
#select
| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:2:20:2:32 | Math.random() | Math.random() |
| tst.js:6:20:6:43 | "prefix ... andom() | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:6:31:6:43 | Math.random() | Math.random() |


@@ -0,0 +1,6 @@
import { getRandom } from "./library1";
import { doAuth } from "./library2";
function f() {
doAuth(getRandom());
}
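Review bot: Nothing in this fixture says whether `doAuth(getRandom())` is meant to be reported, and the same applies to the two helper modules that follow (`getRandom` returning `Math.random()`, and `doAuth` assigning `pw` to `password`). The new-side node list in the expected output shown just above contains only `tst.js` entries, so if these files sit in the same test directory the cross-module flow is presumably not found; that should be stated rather than left for the reader to infer. I would annotate the call, e.g. `doAuth(getRandom()); // Math.random() reaches a password in library2 (expected result: <alert | no alert>)`, and mark the source line in `getRandom` and the sink line in `doAuth` the same way.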


@@ -0,0 +1,3 @@
export function getRandom() {
return Math.random();
}


@@ -0,0 +1,3 @@
export function doAuth(pw) {
var password = pw;
}


@@ -1,28 +1,15 @@
nodes
| tst.js:12:9:12:54 | origin |
| tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:12:18:12:47 | url.par ... ).query |
| tst.js:12:18:12:54 | url.par ... .origin |
| tst.js:12:28:12:34 | req.url |
| tst.js:12:28:12:34 | req.url |
| tst.js:13:50:13:55 | origin |
| tst.js:13:50:13:55 | origin |
| tst.js:18:50:18:53 | null |
| tst.js:18:50:18:53 | null |
| tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" |
| tst.js:23:50:23:55 | "null" |
| tst.js:23:50:23:55 | "null" |
edges
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin |
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin |
| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:18:12:47 | url.par ... ).query |
| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin |
| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) |
| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null |
| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" |
| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | provenance | |
| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | provenance | |
| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | provenance | |
nodes
| tst.js:12:9:12:54 | origin | semmle.label | origin |
| tst.js:12:18:12:41 | url.par ... , true) | semmle.label | url.par ... , true) |
| tst.js:12:28:12:34 | req.url | semmle.label | req.url |
| tst.js:13:50:13:55 | origin | semmle.label | origin |
| tst.js:18:50:18:53 | null | semmle.label | null |
| tst.js:23:50:23:55 | "null" | semmle.label | "null" |
subpaths
#select
| tst.js:13:50:13:55 | origin | tst.js:12:28:12:34 | req.url | tst.js:13:50:13:55 | origin | $@ leak vulnerability due to a $@. | tst.js:14:5:14:59 | res.set ... , true) | Credential | tst.js:12:28:12:34 | req.url | misconfigured CORS header value |
| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | $@ leak vulnerability due to a $@. | tst.js:19:5:19:59 | res.set ... , true) | Credential | tst.js:18:50:18:53 | null | misconfigured CORS header value |


@@ -1,50 +1,33 @@
nodes
| insecure-temporary-file.js:7:9:11:5 | tmpLocation |
| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) |
| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() |
| insecure-temporary-file.js:13:22:13:32 | tmpLocation |
| insecure-temporary-file.js:13:22:13:32 | tmpLocation |
| insecure-temporary-file.js:15:9:15:34 | tmpPath |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" |
| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:17:32:17:38 | tmpPath |
| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:23:32:23:38 | tmpPath |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 |
| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() |
| insecure-temporary-file.js:26:22:26:29 | tmpPath2 |
| insecure-temporary-file.js:26:22:26:29 | tmpPath2 |
| insecure-temporary-file.js:28:17:28:24 | tmpPath2 |
| insecure-temporary-file.js:28:17:28:24 | tmpPath2 |
edges
| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation |
| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation |
| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation |
| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() |
| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath |
| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath |
| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 |
| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) |
| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | provenance | |
| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | provenance | |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | provenance | |
| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | provenance | |
| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | provenance | |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | provenance | |
| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | provenance | |
| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | provenance | |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | provenance | |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | provenance | |
| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | provenance | |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | provenance | |
nodes
| insecure-temporary-file.js:7:9:11:5 | tmpLocation | semmle.label | tmpLocation |
| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | semmle.label | path.jo ... )\\n ) |
| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | semmle.label | os.tmpdir() |
| insecure-temporary-file.js:13:22:13:32 | tmpLocation | semmle.label | tmpLocation |
| insecure-temporary-file.js:15:9:15:34 | tmpPath | semmle.label | tmpPath |
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | semmle.label | "/tmp/something" |
| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") |
| insecure-temporary-file.js:17:32:17:38 | tmpPath | semmle.label | tmpPath |
| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") |
| insecure-temporary-file.js:23:32:23:38 | tmpPath | semmle.label | tmpPath |
| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | semmle.label | tmpPath2 |
| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | semmle.label | path.jo ... )}.md`) |
| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | semmle.label | os.tmpdir() |
| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | semmle.label | tmpPath2 |
| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | semmle.label | tmpPath2 |
subpaths
#select
| insecure-temporary-file.js:13:22:13:32 | tmpLocation | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:13:22:13:32 | tmpLocation | Insecure creation of file in $@. | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | the os temp dir |
| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | Insecure creation of file in $@. | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | the os temp dir |


@@ -1,8 +1,6 @@
nodes
| tst.js:9:29:9:36 | req.body |
| tst.js:9:29:9:36 | req.body |
| tst.js:9:29:9:36 | req.body |
| tst.js:9:29:9:36 | req.body | semmle.label | req.body |
edges
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body |
subpaths
#select
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing $@ with $@. | tst.js:9:29:9:36 | req.body | user input | tst.js:4:21:4:35 | allErrors: true | allErrors: true |


@@ -1,37 +1,35 @@
nodes
| tst.js:8:6:8:52 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:8:28:8:51 | req.que ... trolled |
| tst.js:9:8:9:11 | prop |
| tst.js:9:8:9:11 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:13:15:13:18 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:14:31:14:34 | prop |
| tst.js:16:10:16:13 | prop |
| tst.js:16:10:16:13 | prop |
| tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:5:17:5:23 | req.url |
| tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:8:17:8:23 | userVal |
edges
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | provenance | |
| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | provenance | |
| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | provenance | |
| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | provenance | |
| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | provenance | |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | provenance | |
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | provenance | |
| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | provenance | |
| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | provenance | |
| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | provenance | |
| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | provenance | |
| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | provenance | |
| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | provenance | |
nodes
| tst.js:8:6:8:52 | prop | semmle.label | prop |
| tst.js:8:13:8:52 | myCoolL ... rolled) | semmle.label | myCoolL ... rolled) |
| tst.js:8:28:8:51 | req.que ... trolled | semmle.label | req.que ... trolled |
| tst.js:9:8:9:11 | prop | semmle.label | prop |
| tst.js:13:15:13:18 | prop | semmle.label | prop |
| tst.js:14:31:14:34 | prop | semmle.label | prop |
| tst.js:16:10:16:13 | prop | semmle.label | prop |
| tst.js:21:25:21:25 | x | semmle.label | x |
| tst.js:22:6:22:15 | result | semmle.label | result |
| tst.js:22:15:22:15 | x | semmle.label | x |
| tst.js:23:9:23:14 | result | semmle.label | result |
| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) |
| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal |
| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url |
| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal |
subpaths
| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) |
#select
| tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
| tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |


@@ -1,3 +1,3 @@
import javascript
import semmle.javascript.security.dataflow.UnsafeDeserializationQuery
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
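Review bot: The `deprecated` annotation on the `utils.test.ConsistencyChecking` import has no explanation next to it, so a reader cannot tell whether this test is meant to keep using the library or is waiting to be migrated. Presumably the annotation is there because the imported module is itself deprecated; if so, a one-line comment above the import would record that, e.g. `// ConsistencyChecking is deprecated; kept until this test is ported to its replacement`. The two query imports above it are unchanged.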


@@ -1,37 +1,14 @@
nodes
| tst.js:13:22:13:36 | req.params.data |
| tst.js:13:22:13:36 | req.params.data |
| tst.js:13:22:13:36 | req.params.data |
| tst.js:14:25:14:39 | req.params.data |
| tst.js:14:25:14:39 | req.params.data |
| tst.js:14:25:14:39 | req.params.data |
| tst.js:15:26:15:40 | req.params.data |
| tst.js:15:26:15:40 | req.params.data |
| tst.js:15:26:15:40 | req.params.data |
| tst.js:16:29:16:43 | req.params.data |
| tst.js:16:29:16:43 | req.params.data |
| tst.js:16:29:16:43 | req.params.data |
| tst.js:20:22:20:36 | req.params.data |
| tst.js:20:22:20:36 | req.params.data |
| tst.js:20:22:20:36 | req.params.data |
| tst.js:21:22:21:36 | req.params.data |
| tst.js:21:22:21:36 | req.params.data |
| tst.js:21:22:21:36 | req.params.data |
| tst.js:24:22:24:36 | req.params.data |
| tst.js:24:22:24:36 | req.params.data |
| tst.js:24:22:24:36 | req.params.data |
| tst.js:25:22:25:36 | req.params.data |
| tst.js:25:22:25:36 | req.params.data |
| tst.js:25:22:25:36 | req.params.data |
edges
| tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data |
| tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data |
| tst.js:15:26:15:40 | req.params.data | tst.js:15:26:15:40 | req.params.data |
| tst.js:16:29:16:43 | req.params.data | tst.js:16:29:16:43 | req.params.data |
| tst.js:20:22:20:36 | req.params.data | tst.js:20:22:20:36 | req.params.data |
| tst.js:21:22:21:36 | req.params.data | tst.js:21:22:21:36 | req.params.data |
| tst.js:24:22:24:36 | req.params.data | tst.js:24:22:24:36 | req.params.data |
| tst.js:25:22:25:36 | req.params.data | tst.js:25:22:25:36 | req.params.data |
nodes
| tst.js:13:22:13:36 | req.params.data | semmle.label | req.params.data |
| tst.js:14:25:14:39 | req.params.data | semmle.label | req.params.data |
| tst.js:15:26:15:40 | req.params.data | semmle.label | req.params.data |
| tst.js:16:29:16:43 | req.params.data | semmle.label | req.params.data |
| tst.js:20:22:20:36 | req.params.data | semmle.label | req.params.data |
| tst.js:21:22:21:36 | req.params.data | semmle.label | req.params.data |
| tst.js:24:22:24:36 | req.params.data | semmle.label | req.params.data |
| tst.js:25:22:25:36 | req.params.data | semmle.label | req.params.data |
subpaths
#select
| tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:13:22:13:36 | req.params.data | user-provided value |
| tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:14:25:14:39 | req.params.data | user-provided value |


@@ -1,45 +1,46 @@
nodes
| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" |
| tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' |
| tst.js:2:6:2:46 | Buffer. ... 'hex') |
| tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:18:2:38 | totally ... sString |
| tst.js:5:5:5:23 | test |
| tst.js:5:12:5:23 | "0123456789" |
| tst.js:5:12:5:23 | "0123456789" |
| tst.js:7:8:7:11 | test |
| tst.js:7:8:7:15 | test+"n" |
| tst.js:7:8:7:15 | test+"n" |
| event-stream-orig.js:93:16:93:16 | r | semmle.label | r |
| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") |
| event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | semmle.label | Buffer. ... tring() |
| event-stream-orig.js:94:26:94:26 | r | semmle.label | r |
| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" |
| event-stream.js:5:12:5:12 | r | semmle.label | r |
| event-stream.js:6:10:6:30 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") |
| event-stream.js:6:10:6:41 | Buffer. ... tring() | semmle.label | Buffer. ... tring() |
| event-stream.js:6:22:6:22 | r | semmle.label | r |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" |
| tst.js:1:5:1:88 | totallyHarmlessString | semmle.label | totallyHarmlessString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | semmle.label | '636f6e ... 6e2729' |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | semmle.label | Buffer. ... 'hex') |
| tst.js:2:6:2:57 | Buffer. ... tring() | semmle.label | Buffer. ... tring() |
| tst.js:2:18:2:38 | totally ... sString | semmle.label | totally ... sString |
| tst.js:5:5:5:23 | test | semmle.label | test |
| tst.js:5:12:5:23 | "0123456789" | semmle.label | "0123456789" |
| tst.js:7:8:7:11 | test | semmle.label | test |
| tst.js:7:8:7:15 | test+"n" | semmle.label | test+"n" |
edges
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() |
| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') |
| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test |
| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test |
| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test |
| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" |
| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" |
| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | provenance | |
| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | provenance | Config |
| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | provenance | Config |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | provenance | |
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | provenance | Config |
| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | provenance | |
| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... tring() | provenance | Config |
| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | provenance | Config |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | provenance | |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | provenance | Config |
| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | provenance | |
| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | provenance | |
| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | provenance | Config |
| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | provenance | Config |
| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | provenance | |
| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | provenance | |
| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | provenance | Config |
subpaths
| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") |
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | event-stream.js:6:10:6:41 | Buffer. ... tring() | event-stream.js:9:11:9:37 | e("2e2f ... 17461") |
#select
| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | Hard-coded data |
| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | Hard-coded data |


@@ -1,355 +1,214 @@
nodes
| adm-zip.js:13:13:13:21 | req.files |
| adm-zip.js:13:13:13:21 | req.files |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:17:18:17:24 | tarFile |
| adm-zip.js:24:22:24:28 | tarFile |
| adm-zip.js:24:22:24:33 | tarFile.data |
| adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:36:5:36:38 | admZip. ... , true) |
| adm-zip.js:36:5:36:38 | admZip. ... , true) |
| decompress.js:11:16:11:33 | req.query.filePath |
| decompress.js:11:16:11:33 | req.query.filePath |
| decompress.js:11:16:11:33 | req.query.filePath |
| jszip.js:12:13:12:21 | req.files |
| jszip.js:12:13:12:21 | req.files |
| jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:38 | req.fil ... le.data |
| jszip.js:32:18:32:24 | zipFile |
| jszip.js:33:22:33:28 | zipFile |
| jszip.js:33:22:33:33 | zipFile.data |
| jszip.js:33:22:33:33 | zipFile.data |
| node-tar.js:15:13:15:21 | req.files |
| node-tar.js:15:13:15:21 | req.files |
| node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:38 | req.fil ... le.data |
| node-tar.js:19:18:19:24 | tarFile |
| node-tar.js:21:23:21:49 | Readabl ... e.data) |
| node-tar.js:21:37:21:43 | tarFile |
| node-tar.js:21:37:21:48 | tarFile.data |
| node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) |
| node-tar.js:29:25:29:31 | tarFile |
| node-tar.js:29:25:29:36 | tarFile.name |
| node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) |
| node-tar.js:45:25:45:31 | tarFile |
| node-tar.js:45:25:45:36 | tarFile.name |
| node-tar.js:46:9:46:20 | decompressor |
| node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:58:19:58:25 | tarFile |
| node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile |
| node-tar.js:59:25:59:36 | tarFile.name |
| node-tar.js:59:25:59:36 | tarFile.name |
| pako.js:12:14:12:22 | req.files |
| pako.js:12:14:12:22 | req.files |
| pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:39 | req.fil ... le.data |
| pako.js:13:14:13:22 | req.files |
| pako.js:13:14:13:22 | req.files |
| pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:39 | req.fil ... le.data |
| pako.js:17:19:17:25 | zipFile |
| pako.js:18:11:18:68 | myArray |
| pako.js:18:21:18:68 | Buffer. ... uffer)) |
| pako.js:18:33:18:67 | new Uin ... buffer) |
| pako.js:18:48:18:54 | zipFile |
| pako.js:18:48:18:59 | zipFile.data |
| pako.js:18:48:18:66 | zipFile.data.buffer |
| pako.js:21:31:21:37 | myArray |
| pako.js:21:31:21:37 | myArray |
| pako.js:28:19:28:25 | zipFile |
| pako.js:29:11:29:62 | myArray |
| pako.js:29:21:29:55 | new Uin ... buffer) |
| pako.js:29:21:29:62 | new Uin ... .buffer |
| pako.js:29:36:29:42 | zipFile |
| pako.js:29:36:29:47 | zipFile.data |
| pako.js:29:36:29:54 | zipFile.data.buffer |
| pako.js:32:31:32:37 | myArray |
| pako.js:32:31:32:37 | myArray |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unbzip2.js:12:25:12:42 | req.query.FilePath |
| unbzip2.js:12:25:12:42 | req.query.FilePath |
| unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:50:12:54 | bz2() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) |
| unzipper.js:13:40:13:48 | req.files |
| unzipper.js:13:40:13:48 | req.files |
| unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:61 | req.fil ... le.data |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:73:23:73:38 | unzipper.Parse() |
| yauzl.js:12:18:12:26 | req.files |
| yauzl.js:12:18:12:26 | req.files |
| yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:13:22:13:30 | req.files |
| yauzl.js:13:22:13:30 | req.files |
| yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:14:34:14:42 | req.files |
| yauzl.js:14:34:14:42 | req.files |
| yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:37:16:37:33 | req.query.filePath |
| yauzl.js:37:16:37:33 | req.query.filePath |
| yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:41:64:41:73 | readStream |
| yauzl.js:41:64:41:73 | readStream |
| yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:43:21:43:39 | zipfile.readEntry() |
| zlib.js:15:19:15:27 | req.files |
| zlib.js:15:19:15:27 | req.files |
| zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:44 | req.fil ... le.data |
| zlib.js:17:18:17:26 | req.files |
| zlib.js:17:18:17:26 | req.files |
| zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:43 | req.fil ... le.data |
| zlib.js:19:24:19:32 | req.files |
| zlib.js:19:24:19:32 | req.files |
| zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:49 | req.fil ... le.data |
| zlib.js:21:32:21:40 | req.files |
| zlib.js:21:32:21:40 | req.files |
| zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:57 | req.fil ... le.data |
| zlib.js:27:24:27:30 | zipFile |
| zlib.js:29:9:29:15 | zipFile |
| zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile |
| zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile |
| zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:62:23:62:29 | zipFile |
| zlib.js:63:21:63:27 | zipFile |
| zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile |
| zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile |
| zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:74:29:74:35 | zipFile |
| zlib.js:75:25:75:51 | Readabl ... e.data) |
| zlib.js:75:39:75:45 | zipFile |
| zlib.js:75:39:75:50 | zipFile.data |
| zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:82:43:82:49 | zipFile |
| zlib.js:83:11:83:51 | inputStream |
| zlib.js:83:25:83:51 | Readabl ... e.data) |
| zlib.js:83:39:83:45 | zipFile |
| zlib.js:83:39:83:50 | zipFile.data |
| zlib.js:86:9:86:19 | inputStream |
| zlib.js:87:9:87:27 | zlib.createGunzip() |
| zlib.js:87:9:87:27 | zlib.createGunzip() |
edges
| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile | adm-zip.js:17:18:17:24 | tarFile |
| adm-zip.js:17:18:17:24 | tarFile | adm-zip.js:24:22:24:28 | tarFile |
| adm-zip.js:24:22:24:28 | tarFile | adm-zip.js:24:22:24:33 | tarFile.data |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) |
| decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath |
| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:33 | req.fil ... ombFile | jszip.js:12:13:12:38 | req.fil ... le.data |
| jszip.js:12:13:12:38 | req.fil ... le.data | jszip.js:32:18:32:24 | zipFile |
| jszip.js:32:18:32:24 | zipFile | jszip.js:33:22:33:28 | zipFile |
| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data |
| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data |
| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:33 | req.fil ... ombFile | node-tar.js:15:13:15:38 | req.fil ... le.data |
| node-tar.js:15:13:15:38 | req.fil ... le.data | node-tar.js:19:18:19:24 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:21:37:21:43 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:29:25:29:31 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:45:25:45:31 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:58:19:58:25 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:59:25:59:31 | tarFile |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:21:37:21:43 | tarFile | node-tar.js:21:37:21:48 | tarFile.data |
| node-tar.js:21:37:21:48 | tarFile.data | node-tar.js:21:23:21:49 | Readabl ... e.data) |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:29:25:29:31 | tarFile | node-tar.js:29:25:29:36 | tarFile.name |
| node-tar.js:29:25:29:36 | tarFile.name | node-tar.js:29:5:29:37 | fs.crea ... e.name) |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) | node-tar.js:46:9:46:20 | decompressor |
| node-tar.js:45:25:45:31 | tarFile | node-tar.js:45:25:45:36 | tarFile.name |
| node-tar.js:45:25:45:36 | tarFile.name | node-tar.js:45:5:45:37 | fs.crea ... e.name) |
| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name |
| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:34 | req.fil ... ombFile | pako.js:12:14:12:39 | req.fil ... le.data |
| pako.js:12:14:12:39 | req.fil ... le.data | pako.js:17:19:17:25 | zipFile |
| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:34 | req.fil ... ombFile | pako.js:13:14:13:39 | req.fil ... le.data |
| pako.js:13:14:13:39 | req.fil ... le.data | pako.js:28:19:28:25 | zipFile |
| pako.js:17:19:17:25 | zipFile | pako.js:18:48:18:54 | zipFile |
| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray |
| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray |
| pako.js:18:21:18:68 | Buffer. ... uffer)) | pako.js:18:11:18:68 | myArray |
| pako.js:18:33:18:67 | new Uin ... buffer) | pako.js:18:21:18:68 | Buffer. ... uffer)) |
| pako.js:18:48:18:54 | zipFile | pako.js:18:48:18:59 | zipFile.data |
| pako.js:18:48:18:59 | zipFile.data | pako.js:18:48:18:66 | zipFile.data.buffer |
| pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) |
| pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile |
| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray |
| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray |
| pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:21:29:62 | new Uin ... .buffer |
| pako.js:29:21:29:62 | new Uin ... .buffer | pako.js:29:11:29:62 | myArray |
| pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:47 | zipFile.data |
| pako.js:29:36:29:47 | zipFile.data | pako.js:29:36:29:54 | zipFile.data.buffer |
| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:56 | req.files.ZipFile | unzipper.js:13:40:13:61 | req.fil ... le.data |
| unzipper.js:13:40:13:61 | req.fil ... le.data | unzipper.js:13:26:13:62 | Readabl ... e.data) |
| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:39 | req.fil ... ombFile | zlib.js:15:19:15:44 | req.fil ... le.data |
| zlib.js:15:19:15:44 | req.fil ... le.data | zlib.js:27:24:27:30 | zipFile |
| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:38 | req.fil ... ombFile | zlib.js:17:18:17:43 | req.fil ... le.data |
| zlib.js:17:18:17:43 | req.fil ... le.data | zlib.js:62:23:62:29 | zipFile |
| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:44 | req.fil ... ombFile | zlib.js:19:24:19:49 | req.fil ... le.data |
| zlib.js:19:24:19:49 | req.fil ... le.data | zlib.js:74:29:74:35 | zipFile |
| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:52 | req.fil ... ombFile | zlib.js:21:32:21:57 | req.fil ... le.data |
| zlib.js:21:32:21:57 | req.fil ... le.data | zlib.js:82:43:82:49 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:29:9:29:15 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:33:9:33:15 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:38:9:38:15 | zipFile |
| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:62:23:62:29 | zipFile | zlib.js:63:21:63:27 | zipFile |
| zlib.js:62:23:62:29 | zipFile | zlib.js:64:20:64:26 | zipFile |
| zlib.js:62:23:62:29 | zipFile | zlib.js:65:31:65:37 | zipFile |
| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:74:29:74:35 | zipFile | zlib.js:75:39:75:45 | zipFile |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:75:39:75:45 | zipFile | zlib.js:75:39:75:50 | zipFile.data |
| zlib.js:75:39:75:50 | zipFile.data | zlib.js:75:25:75:51 | Readabl ... e.data) |
| zlib.js:82:43:82:49 | zipFile | zlib.js:83:39:83:45 | zipFile |
| zlib.js:83:11:83:51 | inputStream | zlib.js:86:9:86:19 | inputStream |
| zlib.js:83:25:83:51 | Readabl ... e.data) | zlib.js:83:11:83:51 | inputStream |
| zlib.js:83:39:83:45 | zipFile | zlib.js:83:39:83:50 | zipFile.data |
| zlib.js:83:39:83:50 | zipFile.data | zlib.js:83:25:83:51 | Readabl ... e.data) |
| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() |
| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() |
| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile | provenance | |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile | adm-zip.js:17:18:17:24 | tarFile | provenance | |
| adm-zip.js:17:18:17:24 | tarFile | adm-zip.js:24:22:24:28 | tarFile | provenance | |
| adm-zip.js:24:22:24:28 | tarFile | adm-zip.js:24:22:24:33 | tarFile.data | provenance | |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() | provenance | Config |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | provenance | Config |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) | provenance | Config |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) | provenance | Config |
| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:38 | req.fil ... le.data | provenance | |
| jszip.js:12:13:12:38 | req.fil ... le.data | jszip.js:32:18:32:24 | zipFile | provenance | |
| jszip.js:32:18:32:24 | zipFile | jszip.js:33:22:33:28 | zipFile | provenance | |
| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data | provenance | |
| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:38 | req.fil ... le.data | provenance | |
| node-tar.js:15:13:15:38 | req.fil ... le.data | node-tar.js:19:18:19:24 | tarFile | provenance | |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:21:37:21:43 | tarFile | provenance | |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:29:25:29:31 | tarFile | provenance | |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:45:25:45:31 | tarFile | provenance | |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:58:19:58:25 | tarFile | provenance | |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:59:25:59:31 | tarFile | provenance | |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() | provenance | Config |
| node-tar.js:21:37:21:43 | tarFile | node-tar.js:21:37:21:48 | tarFile.data | provenance | |
| node-tar.js:21:37:21:48 | tarFile.data | node-tar.js:21:23:21:49 | Readabl ... e.data) | provenance | Config |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) | provenance | Config |
| node-tar.js:29:25:29:31 | tarFile | node-tar.js:29:25:29:36 | tarFile.name | provenance | |
| node-tar.js:29:25:29:36 | tarFile.name | node-tar.js:29:5:29:37 | fs.crea ... e.name) | provenance | Config |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) | node-tar.js:46:9:46:20 | decompressor | provenance | Config |
| node-tar.js:45:25:45:31 | tarFile | node-tar.js:45:25:45:36 | tarFile.name | provenance | |
| node-tar.js:45:25:45:36 | tarFile.name | node-tar.js:45:5:45:37 | fs.crea ... e.name) | provenance | Config |
| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) | provenance | Config |
| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name | provenance | |
| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name | provenance | |
| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:39 | req.fil ... le.data | provenance | |
| pako.js:12:14:12:39 | req.fil ... le.data | pako.js:17:19:17:25 | zipFile | provenance | |
| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:39 | req.fil ... le.data | provenance | |
| pako.js:13:14:13:39 | req.fil ... le.data | pako.js:28:19:28:25 | zipFile | provenance | |
| pako.js:17:19:17:25 | zipFile | pako.js:18:48:18:54 | zipFile | provenance | |
| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray | provenance | |
| pako.js:18:21:18:68 | Buffer. ... uffer)) | pako.js:18:11:18:68 | myArray | provenance | |
| pako.js:18:33:18:67 | new Uin ... buffer) | pako.js:18:21:18:68 | Buffer. ... uffer)) | provenance | |
| pako.js:18:48:18:54 | zipFile | pako.js:18:48:18:66 | zipFile.data.buffer | provenance | |
| pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) | provenance | Config |
| pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile | provenance | |
| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | provenance | |
| pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:11:29:62 | myArray | provenance | |
| pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:54 | zipFile.data.buffer | provenance | |
| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) | provenance | Config |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | provenance | Config |
| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() | provenance | Config |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() | provenance | Config |
| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:61 | req.fil ... le.data | provenance | |
| unzipper.js:13:40:13:61 | req.fil ... le.data | unzipper.js:13:26:13:62 | Readabl ... e.data) | provenance | Config |
| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:39 | req.fil ... le.data | provenance | |
| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:43 | req.fil ... le.data | provenance | |
| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:55 | req.fil ... le.data | provenance | |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | provenance | Config |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | provenance | Config |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | provenance | Config |
| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:44 | req.fil ... le.data | provenance | |
| zlib.js:15:19:15:44 | req.fil ... le.data | zlib.js:27:24:27:30 | zipFile | provenance | |
| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:43 | req.fil ... le.data | provenance | |
| zlib.js:17:18:17:43 | req.fil ... le.data | zlib.js:62:23:62:29 | zipFile | provenance | |
| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:49 | req.fil ... le.data | provenance | |
| zlib.js:19:24:19:49 | req.fil ... le.data | zlib.js:74:29:74:35 | zipFile | provenance | |
| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:57 | req.fil ... le.data | provenance | |
| zlib.js:21:32:21:57 | req.fil ... le.data | zlib.js:82:43:82:49 | zipFile | provenance | |
| zlib.js:27:24:27:30 | zipFile | zlib.js:29:9:29:15 | zipFile | provenance | |
| zlib.js:27:24:27:30 | zipFile | zlib.js:33:9:33:15 | zipFile | provenance | |
| zlib.js:27:24:27:30 | zipFile | zlib.js:38:9:38:15 | zipFile | provenance | |
| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data | provenance | |
| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data | provenance | |
| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data | provenance | |
| zlib.js:62:23:62:29 | zipFile | zlib.js:63:21:63:27 | zipFile | provenance | |
| zlib.js:62:23:62:29 | zipFile | zlib.js:64:20:64:26 | zipFile | provenance | |
| zlib.js:62:23:62:29 | zipFile | zlib.js:65:31:65:37 | zipFile | provenance | |
| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data | provenance | |
| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data | provenance | |
| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data | provenance | |
| zlib.js:74:29:74:35 | zipFile | zlib.js:75:39:75:45 | zipFile | provenance | |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() | provenance | Config |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() | provenance | Config |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() | provenance | Config |
| zlib.js:75:39:75:45 | zipFile | zlib.js:75:39:75:50 | zipFile.data | provenance | |
| zlib.js:75:39:75:50 | zipFile.data | zlib.js:75:25:75:51 | Readabl ... e.data) | provenance | Config |
| zlib.js:82:43:82:49 | zipFile | zlib.js:83:39:83:45 | zipFile | provenance | |
| zlib.js:83:11:83:51 | inputStream | zlib.js:86:9:86:19 | inputStream | provenance | |
| zlib.js:83:25:83:51 | Readabl ... e.data) | zlib.js:83:11:83:51 | inputStream | provenance | |
| zlib.js:83:39:83:45 | zipFile | zlib.js:83:39:83:50 | zipFile.data | provenance | |
| zlib.js:83:39:83:50 | zipFile.data | zlib.js:83:25:83:51 | Readabl ... e.data) | provenance | Config |
| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() | provenance | Config |
nodes
| adm-zip.js:13:13:13:21 | req.files | semmle.label | req.files |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile | semmle.label | req.fil ... ombFile |
| adm-zip.js:17:18:17:24 | tarFile | semmle.label | tarFile |
| adm-zip.js:24:22:24:28 | tarFile | semmle.label | tarFile |
| adm-zip.js:24:22:24:33 | tarFile.data | semmle.label | tarFile.data |
| adm-zip.js:28:25:28:42 | zipEntry.getData() | semmle.label | zipEntry.getData() |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | semmle.label | admZip. ... "10GB") |
| adm-zip.js:34:5:34:55 | admZip. ... , true) | semmle.label | admZip. ... , true) |
| adm-zip.js:36:5:36:38 | admZip. ... , true) | semmle.label | admZip. ... , true) |
| decompress.js:11:16:11:33 | req.query.filePath | semmle.label | req.query.filePath |
| jszip.js:12:13:12:21 | req.files | semmle.label | req.files |
| jszip.js:12:13:12:38 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| jszip.js:32:18:32:24 | zipFile | semmle.label | zipFile |
| jszip.js:33:22:33:28 | zipFile | semmle.label | zipFile |
| jszip.js:33:22:33:33 | zipFile.data | semmle.label | zipFile.data |
| node-tar.js:15:13:15:21 | req.files | semmle.label | req.files |
| node-tar.js:15:13:15:38 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| node-tar.js:19:18:19:24 | tarFile | semmle.label | tarFile |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | semmle.label | Readabl ... e.data) |
| node-tar.js:21:37:21:43 | tarFile | semmle.label | tarFile |
| node-tar.js:21:37:21:48 | tarFile.data | semmle.label | tarFile.data |
| node-tar.js:24:9:24:15 | tar.x() | semmle.label | tar.x() |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | semmle.label | fs.crea ... e.name) |
| node-tar.js:29:25:29:31 | tarFile | semmle.label | tarFile |
| node-tar.js:29:25:29:36 | tarFile.name | semmle.label | tarFile.name |
| node-tar.js:30:9:33:10 | tar.x({ ... }) | semmle.label | tar.x({ ... }) |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) | semmle.label | fs.crea ... e.name) |
| node-tar.js:45:25:45:31 | tarFile | semmle.label | tarFile |
| node-tar.js:45:25:45:36 | tarFile.name | semmle.label | tarFile.name |
| node-tar.js:46:9:46:20 | decompressor | semmle.label | decompressor |
| node-tar.js:48:9:50:10 | tar.x({ ... }) | semmle.label | tar.x({ ... }) |
| node-tar.js:58:19:58:25 | tarFile | semmle.label | tarFile |
| node-tar.js:58:19:58:30 | tarFile.name | semmle.label | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile | semmle.label | tarFile |
| node-tar.js:59:25:59:36 | tarFile.name | semmle.label | tarFile.name |
| pako.js:12:14:12:22 | req.files | semmle.label | req.files |
| pako.js:12:14:12:39 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| pako.js:13:14:13:22 | req.files | semmle.label | req.files |
| pako.js:13:14:13:39 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| pako.js:17:19:17:25 | zipFile | semmle.label | zipFile |
| pako.js:18:11:18:68 | myArray | semmle.label | myArray |
| pako.js:18:21:18:68 | Buffer. ... uffer)) | semmle.label | Buffer. ... uffer)) |
| pako.js:18:33:18:67 | new Uin ... buffer) | semmle.label | new Uin ... buffer) |
| pako.js:18:48:18:54 | zipFile | semmle.label | zipFile |
| pako.js:18:48:18:66 | zipFile.data.buffer | semmle.label | zipFile.data.buffer |
| pako.js:21:31:21:37 | myArray | semmle.label | myArray |
| pako.js:28:19:28:25 | zipFile | semmle.label | zipFile |
| pako.js:29:11:29:62 | myArray | semmle.label | myArray |
| pako.js:29:21:29:55 | new Uin ... buffer) | semmle.label | new Uin ... buffer) |
| pako.js:29:36:29:42 | zipFile | semmle.label | zipFile |
| pako.js:29:36:29:54 | zipFile.data.buffer | semmle.label | zipFile.data.buffer |
| pako.js:32:31:32:37 | myArray | semmle.label | myArray |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | semmle.label | fs.crea ... lePath) |
| unbzip2.js:12:25:12:42 | req.query.FilePath | semmle.label | req.query.FilePath |
| unbzip2.js:12:50:12:54 | bz2() | semmle.label | bz2() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | semmle.label | Readabl ... e.data) |
| unzipper.js:13:40:13:48 | req.files | semmle.label | req.files |
| unzipper.js:13:40:13:61 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) | semmle.label | unzippe ... ath' }) |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() | semmle.label | unzipper.ParseOne() |
| unzipper.js:24:15:24:30 | unzipper.Parse() | semmle.label | unzipper.Parse() |
| unzipper.js:34:15:34:30 | unzipper.Parse() | semmle.label | unzipper.Parse() |
| unzipper.js:41:35:41:71 | unzippe ... true }) | semmle.label | unzippe ... true }) |
| unzipper.js:51:36:51:72 | unzippe ... true }) | semmle.label | unzippe ... true }) |
| unzipper.js:60:23:60:38 | unzipper.Parse() | semmle.label | unzipper.Parse() |
| unzipper.js:73:23:73:38 | unzipper.Parse() | semmle.label | unzipper.Parse() |
| yauzl.js:12:18:12:26 | req.files | semmle.label | req.files |
| yauzl.js:12:18:12:39 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| yauzl.js:13:22:13:30 | req.files | semmle.label | req.files |
| yauzl.js:13:22:13:43 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| yauzl.js:14:34:14:42 | req.files | semmle.label | req.files |
| yauzl.js:14:34:14:55 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| yauzl.js:37:16:37:33 | req.query.filePath | semmle.label | req.query.filePath |
| yauzl.js:39:9:39:27 | zipfile.readEntry() | semmle.label | zipfile.readEntry() |
| yauzl.js:41:64:41:73 | readStream | semmle.label | readStream |
| yauzl.js:43:21:43:39 | zipfile.readEntry() | semmle.label | zipfile.readEntry() |
| zlib.js:15:19:15:27 | req.files | semmle.label | req.files |
| zlib.js:15:19:15:44 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| zlib.js:17:18:17:26 | req.files | semmle.label | req.files |
| zlib.js:17:18:17:43 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| zlib.js:19:24:19:32 | req.files | semmle.label | req.files |
| zlib.js:19:24:19:49 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| zlib.js:21:32:21:40 | req.files | semmle.label | req.files |
| zlib.js:21:32:21:57 | req.fil ... le.data | semmle.label | req.fil ... le.data |
| zlib.js:27:24:27:30 | zipFile | semmle.label | zipFile |
| zlib.js:29:9:29:15 | zipFile | semmle.label | zipFile |
| zlib.js:29:9:29:20 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:33:9:33:15 | zipFile | semmle.label | zipFile |
| zlib.js:33:9:33:20 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:38:9:38:15 | zipFile | semmle.label | zipFile |
| zlib.js:38:9:38:20 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:62:23:62:29 | zipFile | semmle.label | zipFile |
| zlib.js:63:21:63:27 | zipFile | semmle.label | zipFile |
| zlib.js:63:21:63:32 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:64:20:64:26 | zipFile | semmle.label | zipFile |
| zlib.js:64:20:64:31 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:65:31:65:37 | zipFile | semmle.label | zipFile |
| zlib.js:65:31:65:42 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:74:29:74:35 | zipFile | semmle.label | zipFile |
| zlib.js:75:25:75:51 | Readabl ... e.data) | semmle.label | Readabl ... e.data) |
| zlib.js:75:39:75:45 | zipFile | semmle.label | zipFile |
| zlib.js:75:39:75:50 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:77:22:77:40 | zlib.createGunzip() | semmle.label | zlib.createGunzip() |
| zlib.js:78:22:78:39 | zlib.createUnzip() | semmle.label | zlib.createUnzip() |
| zlib.js:79:22:79:50 | zlib.cr ... press() | semmle.label | zlib.cr ... press() |
| zlib.js:82:43:82:49 | zipFile | semmle.label | zipFile |
| zlib.js:83:11:83:51 | inputStream | semmle.label | inputStream |
| zlib.js:83:25:83:51 | Readabl ... e.data) | semmle.label | Readabl ... e.data) |
| zlib.js:83:39:83:45 | zipFile | semmle.label | zipFile |
| zlib.js:83:39:83:50 | zipFile.data | semmle.label | zipFile.data |
| zlib.js:86:9:86:19 | inputStream | semmle.label | inputStream |
| zlib.js:87:9:87:27 | zlib.createGunzip() | semmle.label | zlib.createGunzip() |
subpaths
#select
| adm-zip.js:28:25:28:42 | zipEntry.getData() | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:28:25:28:42 | zipEntry.getData() | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |


@@ -1,442 +1,349 @@
nodes
| electron.js:4:12:4:22 | window.name |
| electron.js:4:12:4:22 | window.name |
| electron.js:7:20:7:29 | getTaint() |
| electron.js:7:20:7:29 | getTaint() |
| react.js:10:60:10:81 | documen ... on.hash |
| react.js:10:60:10:81 | documen ... on.hash |
| react.js:10:60:10:81 | documen ... on.hash |
| react.js:21:24:21:45 | documen ... on.hash |
| react.js:21:24:21:45 | documen ... on.hash |
| react.js:21:24:21:45 | documen ... on.hash |
| react.js:28:43:28:64 | documen ... on.hash |
| react.js:28:43:28:64 | documen ... on.hash |
| react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:34:43:34:64 | documen ... on.hash |
| react.js:34:43:34:64 | documen ... on.hash |
| react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:40:19:40:40 | documen ... on.hash |
| react.js:40:19:40:40 | documen ... on.hash |
| react.js:40:19:40:50 | documen ... bstr(1) |
| react.js:40:19:40:50 | documen ... bstr(1) |
| sanitizer.js:2:9:2:25 | url |
| sanitizer.js:2:15:2:25 | window.name |
| sanitizer.js:2:15:2:25 | window.name |
| sanitizer.js:4:27:4:29 | url |
| sanitizer.js:4:27:4:29 | url |
| sanitizer.js:16:27:16:29 | url |
| sanitizer.js:16:27:16:29 | url |
| sanitizer.js:19:27:19:29 | url |
| sanitizer.js:19:27:19:29 | url |
| sanitizer.js:22:27:22:29 | url |
| sanitizer.js:22:27:22:29 | url |
| sanitizer.js:25:27:25:29 | url |
| sanitizer.js:25:27:25:29 | url |
| sanitizer.js:28:27:28:29 | url |
| sanitizer.js:28:27:28:29 | url |
| sanitizer.js:31:27:31:29 | url |
| sanitizer.js:31:27:31:29 | url |
| sanitizer.js:37:27:37:29 | url |
| sanitizer.js:37:27:37:29 | url |
| tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:28 | window.location |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href |
| tst2.js:4:21:4:24 | href |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst6.js:2:7:2:45 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') |
| tst6.js:2:18:2:45 | $locati ... irect') |
| tst6.js:4:21:4:28 | redirect |
| tst6.js:4:21:4:28 | redirect |
| tst6.js:6:17:6:24 | redirect |
| tst6.js:6:17:6:24 | redirect |
| tst6.js:8:21:8:48 | $locati ... irect') |
| tst6.js:8:21:8:48 | $locati ... irect') |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:42 | documen ... on.hash |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:55 | documen ... ring(1) |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:5:23:5:46 | documen ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:8:24:8:47 | documen ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:11:27:11:50 | documen ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search |
| tst10.js:14:33:14:56 | documen ... .search |
| tst12.js:3:9:3:50 | urlParts |
| tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:39 | window.location.hash |
| tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:4:9:4:45 | loc |
| tst12.js:4:15:4:22 | urlParts |
| tst12.js:4:15:4:25 | urlParts[0] |
| tst12.js:4:15:4:45 | urlPart ... s.value |
| tst12.js:5:23:5:25 | loc |
| tst12.js:5:23:5:25 | loc |
| tst13.js:2:9:2:52 | payload |
| tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:42 | documen ... .search |
| tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:4:15:4:21 | payload |
| tst13.js:4:15:4:21 | payload |
| tst13.js:8:21:8:27 | payload |
| tst13.js:8:21:8:27 | payload |
| tst13.js:12:14:12:20 | payload |
| tst13.js:12:14:12:20 | payload |
| tst13.js:16:17:16:23 | payload |
| tst13.js:16:17:16:23 | payload |
| tst13.js:20:14:20:20 | payload |
| tst13.js:20:14:20:20 | payload |
| tst13.js:24:14:24:20 | payload |
| tst13.js:24:14:24:20 | payload |
| tst13.js:28:21:28:27 | payload |
| tst13.js:28:21:28:27 | payload |
| tst13.js:32:17:32:23 | payload |
| tst13.js:32:17:32:23 | payload |
| tst13.js:36:21:36:27 | payload |
| tst13.js:36:21:36:27 | payload |
| tst13.js:40:15:40:21 | payload |
| tst13.js:40:15:40:21 | payload |
| tst13.js:44:14:44:20 | payload |
| tst13.js:44:14:44:20 | payload |
| tst13.js:49:32:49:32 | e |
| tst13.js:49:32:49:32 | e |
| tst13.js:50:23:50:23 | e |
| tst13.js:50:23:50:23 | e |
| tst13.js:52:34:52:34 | e |
| tst13.js:52:34:52:34 | e |
| tst13.js:53:28:53:28 | e |
| tst13.js:53:28:53:28 | e |
| tst13.js:59:9:59:52 | payload |
| tst13.js:59:19:59:42 | documen ... .search |
| tst13.js:59:19:59:42 | documen ... .search |
| tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:61:18:61:24 | payload |
| tst13.js:61:18:61:24 | payload |
| tst13.js:65:9:65:49 | payload |
| tst13.js:65:19:65:39 | history ... on.hash |
| tst13.js:65:19:65:39 | history ... on.hash |
| tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:67:21:67:27 | payload |
| tst13.js:67:21:67:27 | payload |
| tst13.js:72:9:72:49 | payload |
| tst13.js:72:19:72:39 | history ... on.hash |
| tst13.js:72:19:72:39 | history ... on.hash |
| tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:74:21:74:27 | payload |
| tst13.js:74:21:74:27 | payload |
| tst13.js:78:9:78:48 | url |
| tst13.js:78:15:78:38 | documen ... .search |
| tst13.js:78:15:78:38 | documen ... .search |
| tst13.js:78:15:78:48 | documen ... bstr(1) |
| tst13.js:80:21:80:23 | url |
| tst13.js:80:21:80:23 | url |
| tst13.js:81:28:81:30 | url |
| tst13.js:81:28:81:30 | url |
| tst13.js:82:27:82:29 | url |
| tst13.js:82:27:82:29 | url |
| tst13.js:83:22:83:24 | url |
| tst13.js:83:22:83:24 | url |
| tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:63 | document.location |
| tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:68 | documen ... on.href |
| tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:50 | document.location |
| tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:55 | documen ... on.href |
| tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:59:10:75 | document.location |
| tst.js:10:59:10:75 | document.location |
| tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:80 | documen ... on.href |
| tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:34:14:50 | document.location |
| tst.js:14:34:14:50 | document.location |
| tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:55 | documen ... on.href |
| tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:59:18:75 | document.location |
| tst.js:18:59:18:75 | document.location |
| tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:80 | documen ... on.href |
| tst.js:22:20:22:56 | indirec ... n.href) |
| tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:34:22:50 | document.location |
| tst.js:22:34:22:50 | document.location |
| tst.js:22:34:22:55 | documen ... on.href |
| tst.js:22:34:22:55 | documen ... on.href |
| tst.js:26:22:26:79 | new Reg ... n.href) |
| tst.js:26:22:26:82 | new Reg ... ref)[1] |
| tst.js:26:22:26:82 | new Reg ... ref)[1] |
| tst.js:26:62:26:78 | win.location.href |
| tst.js:26:62:26:78 | win.location.href |
| typed.ts:4:13:4:36 | params |
| typed.ts:4:22:4:36 | location.search |
| typed.ts:4:22:4:36 | location.search |
| typed.ts:5:25:5:30 | params |
| typed.ts:7:24:7:34 | redirectUri |
| typed.ts:8:33:8:43 | redirectUri |
| typed.ts:8:33:8:43 | redirectUri |
| typed.ts:25:25:25:34 | loc.search |
| typed.ts:25:25:25:34 | loc.search |
| typed.ts:28:24:28:34 | redirectUri |
| typed.ts:29:33:29:43 | redirectUri |
| typed.ts:29:33:29:43 | redirectUri |
| typed.ts:47:25:47:34 | loc.search |
| typed.ts:47:25:47:34 | loc.search |
| typed.ts:48:26:48:36 | loc2.search |
| typed.ts:48:26:48:36 | loc2.search |
| typed.ts:51:24:51:34 | redirectUri |
| typed.ts:52:33:52:43 | redirectUri |
| typed.ts:52:33:52:43 | redirectUri |
| typed.ts:55:25:55:35 | redirectUri |
| typed.ts:56:33:56:43 | redirectUri |
| typed.ts:56:33:56:43 | redirectUri |
| electron.js:4:12:4:22 | window.name | semmle.label | window.name |
| electron.js:7:20:7:29 | getTaint() | semmle.label | getTaint() |
| react.js:10:60:10:81 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:10:60:10:91 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| react.js:23:19:23:40 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:23:19:23:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| react.js:31:43:31:64 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:31:43:31:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| react.js:37:43:37:64 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:37:43:37:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| react.js:43:19:43:40 | documen ... on.hash | semmle.label | documen ... on.hash |
| react.js:43:19:43:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| regexp-exec.js:4:11:4:20 | [, group1] | semmle.label | [, group1] |
| regexp-exec.js:4:11:4:57 | group1 | semmle.label | group1 |
| regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | semmle.label | /#(.*)/ ... n.href) |
| regexp-exec.js:4:37:4:56 | window.location.href | semmle.label | window.location.href |
| regexp-exec.js:5:28:5:33 | group1 | semmle.label | group1 |
| regexp-exec.js:9:11:9:20 | [, group1] | semmle.label | [, group1] |
| regexp-exec.js:9:11:9:58 | group1 | semmle.label | group1 |
| regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | semmle.label | /\\?(.*) ... n.href) |
| regexp-exec.js:9:38:9:57 | window.location.href | semmle.label | window.location.href |
| regexp-exec.js:10:28:10:33 | group1 | semmle.label | group1 |
| regexp-exec.js:29:11:29:20 | [, group1] | semmle.label | [, group1] |
| regexp-exec.js:29:11:29:58 | group1 | semmle.label | group1 |
| regexp-exec.js:29:24:29:43 | window.location.href | semmle.label | window.location.href |
| regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | semmle.label | window. ... #(.*)/) |
| regexp-exec.js:30:28:30:33 | group1 | semmle.label | group1 |
| regexp-exec.js:34:11:34:20 | [, group1] | semmle.label | [, group1] |
| regexp-exec.js:34:11:34:64 | group1 | semmle.label | group1 |
| regexp-exec.js:34:24:34:43 | window.location.href | semmle.label | window.location.href |
| regexp-exec.js:34:24:34:61 | window. ... #(.*)/) | semmle.label | window. ... #(.*)/) |
| regexp-exec.js:35:28:35:33 | group1 | semmle.label | group1 |
| regexp-exec.js:39:11:39:20 | [, group1] | semmle.label | [, group1] |
| regexp-exec.js:39:11:39:71 | group1 | semmle.label | group1 |
| regexp-exec.js:39:24:39:71 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
| regexp-exec.js:39:51:39:70 | window.location.href | semmle.label | window.location.href |
| regexp-exec.js:40:28:40:33 | group1 | semmle.label | group1 |
| sanitizer.js:2:9:2:25 | url | semmle.label | url |
| sanitizer.js:2:15:2:25 | window.name | semmle.label | window.name |
| sanitizer.js:4:27:4:29 | url | semmle.label | url |
| sanitizer.js:16:27:16:29 | url | semmle.label | url |
| sanitizer.js:19:27:19:29 | url | semmle.label | url |
| sanitizer.js:22:27:22:29 | url | semmle.label | url |
| sanitizer.js:25:27:25:29 | url | semmle.label | url |
| sanitizer.js:28:27:28:29 | url | semmle.label | url |
| sanitizer.js:31:27:31:29 | url | semmle.label | url |
| sanitizer.js:37:27:37:29 | url | semmle.label | url |
| tst2.js:2:7:2:33 | href | semmle.label | href |
| tst2.js:2:14:2:33 | window.location.href | semmle.label | window.location.href |
| tst2.js:4:21:4:24 | href | semmle.label | href |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) |
| tst6.js:2:7:2:45 | redirect | semmle.label | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | semmle.label | $locati ... irect') |
| tst6.js:4:21:4:28 | redirect | semmle.label | redirect |
| tst6.js:6:17:6:24 | redirect | semmle.label | redirect |
| tst6.js:8:21:8:48 | $locati ... irect') | semmle.label | $locati ... irect') |
| tst6.js:8:21:8:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" |
| tst7.js:2:12:2:35 | documen ... .search | semmle.label | documen ... .search |
| tst7.js:2:12:2:48 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst7.js:5:27:5:50 | documen ... .search | semmle.label | documen ... .search |
| tst7.js:5:27:5:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst9.js:2:21:2:55 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst10.js:5:17:5:59 | '/' + d ... ring(1) | semmle.label | '/' + d ... ring(1) |
| tst10.js:5:23:5:46 | documen ... .search | semmle.label | documen ... .search |
| tst10.js:5:23:5:59 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst10.js:8:17:8:60 | '//' + ... ring(1) | semmle.label | '//' + ... ring(1) |
| tst10.js:8:24:8:47 | documen ... .search | semmle.label | documen ... .search |
| tst10.js:8:24:8:60 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst10.js:11:17:11:63 | '//foo' ... ring(1) | semmle.label | '//foo' ... ring(1) |
| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search |
| tst10.js:11:27:11:63 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst10.js:14:17:14:69 | 'https: ... ring(1) | semmle.label | 'https: ... ring(1) |
| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search |
| tst10.js:14:33:14:69 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst13.js:2:9:2:52 | payload | semmle.label | payload |
| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search |
| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| tst13.js:4:15:4:21 | payload | semmle.label | payload |
| tst13.js:8:21:8:27 | payload | semmle.label | payload |
| tst13.js:12:14:12:20 | payload | semmle.label | payload |
| tst13.js:16:17:16:23 | payload | semmle.label | payload |
| tst13.js:20:14:20:20 | payload | semmle.label | payload |
| tst13.js:24:14:24:20 | payload | semmle.label | payload |
| tst13.js:28:21:28:27 | payload | semmle.label | payload |
| tst13.js:32:17:32:23 | payload | semmle.label | payload |
| tst13.js:36:21:36:27 | payload | semmle.label | payload |
| tst13.js:40:15:40:21 | payload | semmle.label | payload |
| tst13.js:44:14:44:20 | payload | semmle.label | payload |
| tst13.js:49:32:49:32 | e | semmle.label | e |
| tst13.js:50:23:50:23 | e | semmle.label | e |
| tst13.js:52:34:52:34 | e | semmle.label | e |
| tst13.js:53:28:53:28 | e | semmle.label | e |
| tst13.js:59:9:59:52 | payload | semmle.label | payload |
| tst13.js:59:19:59:42 | documen ... .search | semmle.label | documen ... .search |
| tst13.js:59:19:59:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| tst13.js:61:18:61:24 | payload | semmle.label | payload |
| tst13.js:65:9:65:49 | payload | semmle.label | payload |
| tst13.js:65:19:65:39 | history ... on.hash | semmle.label | history ... on.hash |
| tst13.js:65:19:65:49 | history ... bstr(1) | semmle.label | history ... bstr(1) |
| tst13.js:67:21:67:27 | payload | semmle.label | payload |
| tst13.js:72:9:72:49 | payload | semmle.label | payload |
| tst13.js:72:19:72:39 | history ... on.hash | semmle.label | history ... on.hash |
| tst13.js:72:19:72:49 | history ... bstr(1) | semmle.label | history ... bstr(1) |
| tst13.js:74:21:74:27 | payload | semmle.label | payload |
| tst13.js:78:9:78:48 | url | semmle.label | url |
| tst13.js:78:15:78:38 | documen ... .search | semmle.label | documen ... .search |
| tst13.js:78:15:78:48 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| tst13.js:80:21:80:23 | url | semmle.label | url |
| tst13.js:81:28:81:30 | url | semmle.label | url |
| tst13.js:82:27:82:29 | url | semmle.label | url |
| tst13.js:83:22:83:24 | url | semmle.label | url |
| tst15.js:2:9:2:42 | url | semmle.label | url |
| tst15.js:2:15:2:31 | document.location | semmle.label | document.location |
| tst15.js:2:15:2:42 | documen ... tring() | semmle.label | documen ... tring() |
| tst15.js:3:23:3:25 | url | semmle.label | url |
| tst15.js:3:23:3:38 | url.substring(0) | semmle.label | url.substring(0) |
| tst15.js:3:23:3:51 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) |
| tst15.js:4:23:4:25 | url | semmle.label | url |
| tst15.js:4:23:4:42 | url.substring(0, 10) | semmle.label | url.substring(0, 10) |
| tst15.js:4:23:4:55 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) |
| tst15.js:5:23:5:25 | url | semmle.label | url |
| tst15.js:5:23:5:60 | url.sub ... ', 10)) | semmle.label | url.sub ... ', 10)) |
| tst15.js:5:23:5:73 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) |
| tst15.js:7:9:7:43 | url2 | semmle.label | url2 |
| tst15.js:7:16:7:32 | document.location | semmle.label | document.location |
| tst15.js:7:16:7:43 | documen ... tring() | semmle.label | documen ... tring() |
| tst15.js:8:23:8:26 | url2 | semmle.label | url2 |
| tst15.js:8:23:8:39 | url2.substring(0) | semmle.label | url2.substring(0) |
| tst15.js:8:23:8:60 | url2.su ... nown()) | semmle.label | url2.su ... nown()) |
| tst15.js:9:23:9:26 | url2 | semmle.label | url2 |
| tst15.js:9:23:9:43 | url2.su ... (0, 10) | semmle.label | url2.su ... (0, 10) |
| tst15.js:9:23:9:64 | url2.su ... nown()) | semmle.label | url2.su ... nown()) |
| tst15.js:10:23:10:26 | url2 | semmle.label | url2 |
| tst15.js:10:23:10:62 | url2.su ... ', 10)) | semmle.label | url2.su ... ', 10)) |
| tst15.js:10:23:10:83 | url2.su ... nown()) | semmle.label | url2.su ... nown()) |
| tst15.js:12:9:12:52 | search | semmle.label | search |
| tst15.js:12:18:12:41 | documen ... .search | semmle.label | documen ... .search |
| tst15.js:12:18:12:52 | documen ... tring() | semmle.label | documen ... tring() |
| tst15.js:13:23:13:28 | search | semmle.label | search |
| tst15.js:13:23:13:41 | search.substring(0) | semmle.label | search.substring(0) |
| tst15.js:13:23:13:54 | search. ... ring(1) | semmle.label | search. ... ring(1) |
| tst15.js:14:23:14:28 | search | semmle.label | search |
| tst15.js:14:23:14:45 | search. ... (0, 10) | semmle.label | search. ... (0, 10) |
| tst15.js:14:23:14:58 | search. ... ring(1) | semmle.label | search. ... ring(1) |
| tst15.js:15:23:15:28 | search | semmle.label | search |
| tst15.js:15:23:15:66 | search. ... ', 10)) | semmle.label | search. ... ', 10)) |
| tst15.js:15:23:15:79 | search. ... ring(1) | semmle.label | search. ... ring(1) |
| tst.js:2:19:2:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] |
| tst.js:2:47:2:68 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:6:20:6:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
| tst.js:6:20:6:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
| tst.js:6:34:6:55 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:10:19:10:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
| tst.js:10:19:10:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
| tst.js:10:59:10:80 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:14:20:14:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
| tst.js:14:20:14:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
| tst.js:14:34:14:55 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:18:19:18:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
| tst.js:18:19:18:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
| tst.js:18:59:18:80 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:22:20:22:56 | indirec ... n.href) | semmle.label | indirec ... n.href) |
| tst.js:22:20:22:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] |
| tst.js:22:34:22:55 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) |
| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] |
| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href |
| typed.ts:4:13:4:49 | params | semmle.label | params |
| typed.ts:4:22:4:36 | location.search | semmle.label | location.search |
| typed.ts:4:22:4:49 | locatio ... ring(1) | semmle.label | locatio ... ring(1) |
| typed.ts:5:25:5:30 | params | semmle.label | params |
| typed.ts:7:24:7:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:8:33:8:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:25:25:25:34 | loc.search | semmle.label | loc.search |
| typed.ts:25:25:25:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) |
| typed.ts:28:24:28:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:29:33:29:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:47:25:47:34 | loc.search | semmle.label | loc.search |
| typed.ts:47:25:47:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) |
| typed.ts:48:26:48:36 | loc2.search | semmle.label | loc2.search |
| typed.ts:48:26:48:49 | loc2.se ... ring(1) | semmle.label | loc2.se ... ring(1) |
| typed.ts:51:24:51:34 | redirectUri | semmle.label | redirectUri |
| typed.ts:52:33:52:43 | redirectUri | semmle.label | redirectUri |
| typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri |
| typed.ts:56:33:56:43 | redirectUri | semmle.label | redirectUri |
edges
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() |
| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash |
| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash |
| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) |
| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) |
| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url |
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url |
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search |
| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') |
| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts |
| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc |
| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc |
| tst12.js:4:15:4:22 | urlParts | tst12.js:4:15:4:25 | urlParts[0] |
| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:15:4:45 | urlPart ... s.value |
| tst12.js:4:15:4:45 | urlPart ... s.value | tst12.js:4:9:4:45 | loc |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload |
| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload |
| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) |
| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e |
| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload |
| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload |
| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) |
| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload |
| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload |
| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload |
| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) |
| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload |
| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload |
| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload |
| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) |
| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload |
| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url |
| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url |
| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url |
| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url |
| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url |
| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url |
| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url |
| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url |
| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) |
| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) |
| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) |
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] |
| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href |
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) |
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] |
| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href |
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) |
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] |
| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href |
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) |
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] |
| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href |
| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href |
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) |
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) |
| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] |
| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] |
| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) |
| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) |
| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params |
| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri |
| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri |
| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri |
| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri |
| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri |
| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri |
| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri |
| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri |
| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri |
| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri |
| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri |
| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | provenance | |
| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:91 | documen ... bstr(1) | provenance | Config |
| react.js:23:19:23:40 | documen ... on.hash | react.js:23:19:23:50 | documen ... bstr(1) | provenance | Config |
| react.js:31:43:31:64 | documen ... on.hash | react.js:31:43:31:74 | documen ... bstr(1) | provenance | Config |
| react.js:37:43:37:64 | documen ... on.hash | react.js:37:43:37:74 | documen ... bstr(1) | provenance | Config |
| react.js:43:19:43:40 | documen ... on.hash | react.js:43:19:43:50 | documen ... bstr(1) | provenance | Config |
| regexp-exec.js:4:11:4:20 | [, group1] | regexp-exec.js:4:11:4:57 | group1 | provenance | |
| regexp-exec.js:4:11:4:57 | group1 | regexp-exec.js:5:28:5:33 | group1 | provenance | |
| regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | regexp-exec.js:4:11:4:20 | [, group1] | provenance | |
| regexp-exec.js:4:37:4:56 | window.location.href | regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | provenance | Config |
| regexp-exec.js:9:11:9:20 | [, group1] | regexp-exec.js:9:11:9:58 | group1 | provenance | |
| regexp-exec.js:9:11:9:58 | group1 | regexp-exec.js:10:28:10:33 | group1 | provenance | |
| regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | regexp-exec.js:9:11:9:20 | [, group1] | provenance | |
| regexp-exec.js:9:38:9:57 | window.location.href | regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | provenance | Config |
| regexp-exec.js:29:11:29:20 | [, group1] | regexp-exec.js:29:11:29:58 | group1 | provenance | |
| regexp-exec.js:29:11:29:58 | group1 | regexp-exec.js:30:28:30:33 | group1 | provenance | |
| regexp-exec.js:29:24:29:43 | window.location.href | regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | provenance | Config |
| regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | regexp-exec.js:29:11:29:20 | [, group1] | provenance | |
| regexp-exec.js:34:11:34:20 | [, group1] | regexp-exec.js:34:11:34:64 | group1 | provenance | |
| regexp-exec.js:34:11:34:64 | group1 | regexp-exec.js:35:28:35:33 | group1 | provenance | |
| regexp-exec.js:34:24:34:43 | window.location.href | regexp-exec.js:34:24:34:61 | window. ... #(.*)/) | provenance | Config |
| regexp-exec.js:34:24:34:61 | window. ... #(.*)/) | regexp-exec.js:34:11:34:20 | [, group1] | provenance | |
| regexp-exec.js:39:11:39:20 | [, group1] | regexp-exec.js:39:11:39:71 | group1 | provenance | |
| regexp-exec.js:39:11:39:71 | group1 | regexp-exec.js:40:28:40:33 | group1 | provenance | |
| regexp-exec.js:39:24:39:71 | new Reg ... n.href) | regexp-exec.js:39:11:39:20 | [, group1] | provenance | |
| regexp-exec.js:39:51:39:70 | window.location.href | regexp-exec.js:39:24:39:71 | new Reg ... n.href) | provenance | Config |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | provenance | |
| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | provenance | |
| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | provenance | |
| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | provenance | |
| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | provenance | |
| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | provenance | Config |
| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | provenance | |
| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | provenance | |
| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | provenance | |
| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | provenance | |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... ring(1) | provenance | Config |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | provenance | Config |
| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | provenance | Config |
| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:23:5:59 | documen ... ring(1) | provenance | Config |
| tst10.js:5:23:5:59 | documen ... ring(1) | tst10.js:5:17:5:59 | '/' + d ... ring(1) | provenance | |
| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:24:8:60 | documen ... ring(1) | provenance | Config |
| tst10.js:8:24:8:60 | documen ... ring(1) | tst10.js:8:17:8:60 | '//' + ... ring(1) | provenance | |
| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:27:11:63 | documen ... ring(1) | provenance | Config |
| tst10.js:11:27:11:63 | documen ... ring(1) | tst10.js:11:17:11:63 | '//foo' ... ring(1) | provenance | |
| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:33:14:69 | documen ... ring(1) | provenance | Config |
| tst10.js:14:33:14:69 | documen ... ring(1) | tst10.js:14:17:14:69 | 'https: ... ring(1) | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | provenance | |
| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | provenance | |
| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | provenance | Config |
| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | provenance | |
| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | provenance | |
| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | provenance | |
| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | provenance | |
| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | provenance | Config |
| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | provenance | |
| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | provenance | |
| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | provenance | |
| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | provenance | |
| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | provenance | |
| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | provenance | |
| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | provenance | |
| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | provenance | |
| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | provenance | |
| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | provenance | |
| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | provenance | |
| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | provenance | Config |
| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | provenance | |
| tst15.js:2:9:2:42 | url | tst15.js:3:23:3:25 | url | provenance | |
| tst15.js:2:9:2:42 | url | tst15.js:4:23:4:25 | url | provenance | |
| tst15.js:2:9:2:42 | url | tst15.js:5:23:5:25 | url | provenance | |
| tst15.js:2:15:2:31 | document.location | tst15.js:2:15:2:42 | documen ... tring() | provenance | |
| tst15.js:2:15:2:42 | documen ... tring() | tst15.js:2:9:2:42 | url | provenance | |
| tst15.js:3:23:3:25 | url | tst15.js:3:23:3:38 | url.substring(0) | provenance | |
| tst15.js:3:23:3:38 | url.substring(0) | tst15.js:3:23:3:51 | url.sub ... ring(1) | provenance | Config |
| tst15.js:4:23:4:25 | url | tst15.js:4:23:4:42 | url.substring(0, 10) | provenance | |
| tst15.js:4:23:4:42 | url.substring(0, 10) | tst15.js:4:23:4:55 | url.sub ... ring(1) | provenance | Config |
| tst15.js:5:23:5:25 | url | tst15.js:5:23:5:60 | url.sub ... ', 10)) | provenance | |
| tst15.js:5:23:5:60 | url.sub ... ', 10)) | tst15.js:5:23:5:73 | url.sub ... ring(1) | provenance | Config |
| tst15.js:7:9:7:43 | url2 | tst15.js:8:23:8:26 | url2 | provenance | |
| tst15.js:7:9:7:43 | url2 | tst15.js:9:23:9:26 | url2 | provenance | |
| tst15.js:7:9:7:43 | url2 | tst15.js:10:23:10:26 | url2 | provenance | |
| tst15.js:7:16:7:32 | document.location | tst15.js:7:16:7:43 | documen ... tring() | provenance | |
| tst15.js:7:16:7:43 | documen ... tring() | tst15.js:7:9:7:43 | url2 | provenance | |
| tst15.js:8:23:8:26 | url2 | tst15.js:8:23:8:39 | url2.substring(0) | provenance | |
| tst15.js:8:23:8:39 | url2.substring(0) | tst15.js:8:23:8:60 | url2.su ... nown()) | provenance | Config |
| tst15.js:9:23:9:26 | url2 | tst15.js:9:23:9:43 | url2.su ... (0, 10) | provenance | |
| tst15.js:9:23:9:43 | url2.su ... (0, 10) | tst15.js:9:23:9:64 | url2.su ... nown()) | provenance | Config |
| tst15.js:10:23:10:26 | url2 | tst15.js:10:23:10:62 | url2.su ... ', 10)) | provenance | |
| tst15.js:10:23:10:62 | url2.su ... ', 10)) | tst15.js:10:23:10:83 | url2.su ... nown()) | provenance | Config |
| tst15.js:12:9:12:52 | search | tst15.js:13:23:13:28 | search | provenance | |
| tst15.js:12:9:12:52 | search | tst15.js:14:23:14:28 | search | provenance | |
| tst15.js:12:9:12:52 | search | tst15.js:15:23:15:28 | search | provenance | |
| tst15.js:12:18:12:41 | documen ... .search | tst15.js:12:18:12:52 | documen ... tring() | provenance | |
| tst15.js:12:18:12:52 | documen ... tring() | tst15.js:12:9:12:52 | search | provenance | |
| tst15.js:13:23:13:28 | search | tst15.js:13:23:13:41 | search.substring(0) | provenance | |
| tst15.js:13:23:13:41 | search.substring(0) | tst15.js:13:23:13:54 | search. ... ring(1) | provenance | Config |
| tst15.js:14:23:14:28 | search | tst15.js:14:23:14:45 | search. ... (0, 10) | provenance | |
| tst15.js:14:23:14:45 | search. ... (0, 10) | tst15.js:14:23:14:58 | search. ... ring(1) | provenance | Config |
| tst15.js:15:23:15:28 | search | tst15.js:15:23:15:66 | search. ... ', 10)) | provenance | |
| tst15.js:15:23:15:66 | search. ... ', 10)) | tst15.js:15:23:15:79 | search. ... ring(1) | provenance | Config |
| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | provenance | |
| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | provenance | Config |
| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | provenance | |
| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | provenance | Config |
| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | provenance | |
| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | provenance | Config |
| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | provenance | |
| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | provenance | Config |
| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | provenance | |
| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | provenance | Config |
| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | provenance | |
| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config |
| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | |
| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config |
| typed.ts:4:13:4:49 | params | typed.ts:5:25:5:30 | params | provenance | |
| typed.ts:4:22:4:36 | location.search | typed.ts:4:22:4:49 | locatio ... ring(1) | provenance | Config |
| typed.ts:4:22:4:49 | locatio ... ring(1) | typed.ts:4:13:4:49 | params | provenance | |
| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | provenance | |
| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | provenance | |
| typed.ts:25:25:25:34 | loc.search | typed.ts:25:25:25:47 | loc.sea ... ring(1) | provenance | Config |
| typed.ts:25:25:25:47 | loc.sea ... ring(1) | typed.ts:28:24:28:34 | redirectUri | provenance | |
| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | provenance | |
| typed.ts:47:25:47:34 | loc.search | typed.ts:47:25:47:47 | loc.sea ... ring(1) | provenance | Config |
| typed.ts:47:25:47:47 | loc.sea ... ring(1) | typed.ts:51:24:51:34 | redirectUri | provenance | |
| typed.ts:48:26:48:36 | loc2.search | typed.ts:48:26:48:49 | loc2.se ... ring(1) | provenance | Config |
| typed.ts:48:26:48:49 | loc2.se ... ring(1) | typed.ts:55:25:55:35 | redirectUri | provenance | |
| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | provenance | |
| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | provenance | |
subpaths
#select
| electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value |
| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value |
| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:21:24:21:45 | documen ... on.hash | user-provided value |
| react.js:28:43:28:74 | documen ... bstr(1) | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:28:43:28:64 | documen ... on.hash | user-provided value |
| react.js:34:43:34:74 | documen ... bstr(1) | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:34:43:34:64 | documen ... on.hash | user-provided value |
| react.js:40:19:40:50 | documen ... bstr(1) | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:40:19:40:40 | documen ... on.hash | user-provided value |
| react.js:10:60:10:91 | documen ... bstr(1) | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:91 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value |
| react.js:23:19:23:50 | documen ... bstr(1) | react.js:23:19:23:40 | documen ... on.hash | react.js:23:19:23:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:23:19:23:40 | documen ... on.hash | user-provided value |
| react.js:31:43:31:74 | documen ... bstr(1) | react.js:31:43:31:64 | documen ... on.hash | react.js:31:43:31:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:31:43:31:64 | documen ... on.hash | user-provided value |
| react.js:37:43:37:74 | documen ... bstr(1) | react.js:37:43:37:64 | documen ... on.hash | react.js:37:43:37:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:37:43:37:64 | documen ... on.hash | user-provided value |
| react.js:43:19:43:50 | documen ... bstr(1) | react.js:43:19:43:40 | documen ... on.hash | react.js:43:19:43:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:43:19:43:40 | documen ... on.hash | user-provided value |
| regexp-exec.js:5:28:5:33 | group1 | regexp-exec.js:4:37:4:56 | window.location.href | regexp-exec.js:5:28:5:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:4:37:4:56 | window.location.href | user-provided value |
| regexp-exec.js:10:28:10:33 | group1 | regexp-exec.js:9:38:9:57 | window.location.href | regexp-exec.js:10:28:10:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:9:38:9:57 | window.location.href | user-provided value |
| regexp-exec.js:30:28:30:33 | group1 | regexp-exec.js:29:24:29:43 | window.location.href | regexp-exec.js:30:28:30:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:29:24:29:43 | window.location.href | user-provided value |
| regexp-exec.js:35:28:35:33 | group1 | regexp-exec.js:34:24:34:43 | window.location.href | regexp-exec.js:35:28:35:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:34:24:34:43 | window.location.href | user-provided value |
| regexp-exec.js:40:28:40:33 | group1 | regexp-exec.js:39:51:39:70 | window.location.href | regexp-exec.js:40:28:40:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:39:51:39:70 | window.location.href | user-provided value |
| sanitizer.js:4:27:4:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:4:27:4:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:16:27:16:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:16:27:16:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:19:27:19:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:19:27:19:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
@@ -445,19 +352,17 @@ edges
| sanitizer.js:28:27:28:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:28:27:28:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:28 | window.location | user-provided value |
| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value |
| tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
| tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value |
| tst6.js:8:21:8:56 | $locati ... + "foo" | tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | Untrusted URL redirection depends on a $@. | tst6.js:8:21:8:48 | $locati ... irect') | user-provided value |
| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | Untrusted URL redirection depends on a $@. | tst7.js:2:12:2:35 | documen ... .search | user-provided value |
| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | Untrusted URL redirection depends on a $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value |
| tst7.js:2:12:2:48 | documen ... ring(1) | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:2:12:2:35 | documen ... .search | user-provided value |
| tst7.js:5:27:5:63 | documen ... ring(1) | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value |
| tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst9.js:2:21:2:42 | documen ... on.hash | user-provided value |
| tst10.js:5:17:5:46 | '/' + d ... .search | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | Untrusted URL redirection depends on a $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value |
| tst10.js:8:17:8:47 | '//' + ... .search | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value |
| tst10.js:11:17:11:50 | '//foo' ... .search | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value |
| tst10.js:14:17:14:56 | 'https: ... .search | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value |
| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:39 | window.location.hash | tst12.js:5:23:5:25 | loc | Untrusted URL redirection depends on a $@. | tst12.js:3:20:3:39 | window.location.hash | user-provided value |
| tst10.js:5:17:5:59 | '/' + d ... ring(1) | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:59 | '/' + d ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value |
| tst10.js:8:17:8:60 | '//' + ... ring(1) | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:60 | '//' + ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value |
| tst10.js:11:17:11:63 | '//foo' ... ring(1) | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:63 | '//foo' ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value |
| tst10.js:14:17:14:69 | 'https: ... ring(1) | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:69 | 'https: ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value |
| tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:4:15:4:21 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:8:21:8:27 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
| tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:12:14:12:20 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value |
@@ -478,17 +383,20 @@ edges
| tst13.js:81:28:81:30 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:81:28:81:30 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value |
| tst13.js:82:27:82:29 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:82:27:82:29 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value |
| tst13.js:83:22:83:24 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:83:22:83:24 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:63 | document.location | user-provided value |
| tst15.js:3:23:3:51 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:3:23:3:51 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value |
| tst15.js:4:23:4:55 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:4:23:4:55 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value |
| tst15.js:5:23:5:73 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:5:23:5:73 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value |
| tst15.js:8:23:8:60 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:8:23:8:60 | url2.su ... nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value |
| tst15.js:9:23:9:64 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:9:23:9:64 | url2.su ... nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value |
| tst15.js:10:23:10:83 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:10:23:10:83 | url2.su ... nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value |
| tst15.js:13:23:13:54 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:13:23:13:54 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value |
| tst15.js:14:23:14:58 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:14:23:14:58 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value |
| tst15.js:15:23:15:79 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:15:23:15:79 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value |
| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value |
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:50 | document.location | user-provided value |
| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value |
| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:75 | document.location | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:75 | document.location | user-provided value |
| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value |
| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:50 | document.location | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:50 | document.location | user-provided value |
| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value |
| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:75 | document.location | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:75 | document.location | user-provided value |
| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value |
| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:50 | document.location | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:50 | document.location | user-provided value |
| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value |
| tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:26:62:26:78 | win.location.href | user-provided value |
| typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:4:22:4:36 | location.search | user-provided value |


@@ -0,0 +1,9 @@
import javascript
import semmle.javascript.security.dataflow.ClientSideUrlRedirectQuery
import utils.test.ConsistencyChecking
deprecated class ClientSideUrlRedirectConsistency extends ConsistencyConfiguration {
ClientSideUrlRedirectConsistency() { this = "ClientSideUrlRedirectConsistency" }
override DataFlow::Node getAnAlert() { ClientSideUrlRedirectFlow::flowTo(result) }
}
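Review bot: `ClientSideUrlRedirectConsistency` is declared `deprecated` in a newly added file, with no comment saying why or what should be used instead. A one-line QLDoc above the class would tell the next maintainer whether this file is a stop-gap that can be deleted later. If the reason is that the consistency-checking base class is itself being phased out, something like `/** Deprecated: kept only until this test no longer relies on ConsistencyConfiguration. */` would do.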


@@ -1,13 +1,13 @@
import React from "react";
import {Helmet} from "react-helmet";
class Application extends React.Component {
render () {
return (
<div className="application">
<Helmet>
<title>My unsafe app</title>
<script type="application/javascript" src={document.location.hash}/>
<script type="application/javascript" src={document.location.hash.substr(1)}/> {/* NOT OK */}
</Helmet>
</div>
);
@@ -18,28 +18,31 @@ export default Application
import Link from 'next/link'
export function NextLink() {
return <Link href={document.location.hash}><a>this page!</a></Link>;
return <>
<Link href={document.location.hash}><a>safe</a></Link> {/* OK */}
<Link href={document.location.hash.substr(1)}><a>unsafe</a></Link> {/* NOT OK */}
</>;
}
import { useRouter } from 'next/router'
export function nextRouter() {
const router = useRouter();
return <span onClick={() => router.push(document.location.hash.substr(1))}>Click to XSS 1</span>
return <span onClick={() => router.push(document.location.hash.substr(1))}>Click to XSS 1</span> // NOT OK
}
import { withRouter } from 'next/router'
function Page({ router }) {
return <span onClick={() => router.push(document.location.hash.substr(1))}>Click to XSS 2</span>
return <span onClick={() => router.push(document.location.hash.substr(1))}>Click to XSS 2</span> // NOT OK
}
export const pageWithRouter = withRouter(Page);
export function plainLink() {
return <a href={document.location.hash.substr(1)}>my plain link!</a>;
return <a href={document.location.hash.substr(1)}>my plain link!</a>; // NOT OK
}
export function someUnknown() {
return <FOO data={document.location.hash.substr(1)}>is safe.</FOO>;
}
return <FOO data={document.location.hash.substr(1)}>is safe.</FOO>; // OK
}
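Review bot: The `{/* OK */}` marker on the first `Link` in `NextLink` and the `// OK` on `someUnknown` give no reason, so the difference between the unflagged `document.location.hash` and the flagged `document.location.hash.substr(1)` is easy to miss. The raw hash is either empty or begins with `#`, so it can only address a fragment of the current page, whereas dropping that first character lets the remainder be read as a full URL. I would write `{/* OK - value always starts with '#' */}`, which matches the wording this commit uses in another fixture (`// OK - always starts with '#'`). For `someUnknown`, a comment along the lines of `// OK - 'data' on an unknown component is not treated as a URL sink` would record the intent, assuming that is the reason.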


@@ -0,0 +1,41 @@
import 'dummy';
function extractFromHash() {
const [, group1] = /#(.*)/.exec(window.location.href);
window.location.href = group1; // NOT OK
}
function extractFromQuery() {
const [, group1] = /\?(.*)/.exec(window.location.href);
window.location.href = group1; // NOT OK
}
function extractFromProtocol() {
const [, group1] = /^([a-z]+:)/.exec(window.location.href);
window.location.href = group1; // OK
}
function extractTooMuch() {
const [, group1] = /(.*)/.exec(window.location.href);
window.location.href = group1; // OK
}
function extractNothing() {
const [, group1] = /blah#baz/.exec(window.location.href);
window.location.href = group1; // OK
}
function extractWithMatch() {
const [, group1] = window.location.href.match(/#(.*)/);
window.location.href = group1; // NOT OK
}
function extractWithMatchAll() {
const [, group1] = window.location.href.matchAll(/#(.*)/)[0];
window.location.href = group1; // NOT OK
}
function extractFromUnknownRegExp() {
const [, group1] = new RegExp(unknown()).exec(window.location.href);
window.location.href = group1; // NOT OK
}
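Review bot: `extractWithMatchAll` indexes the result of `matchAll` with `[0]`, but `String.prototype.matchAll` returns an iterator and throws a TypeError when the regular expression lacks the `g` flag, so this fixture models code that cannot run. If the aim is to cover real `matchAll` usage, the runnable form is `const [, group1] = [...window.location.href.matchAll(/#(.*)/g)][0];`. Whether the query still reports that form would need to be checked against the expected output. The `// OK` cases (`extractFromProtocol`, `extractTooMuch`, `extractNothing`) would also benefit from a short reason each, for example `// OK - capture cannot contain attacker-chosen host` if that is the intended rationale.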


@@ -26,4 +26,4 @@ function foo(win) {
win.location.assign(new RegExp(/.*redirect=([^&]*).*/).exec(win.location.href)[1]); // NOT OK
}
foo(window);
foo(window);


@@ -1,14 +1,14 @@
// OK - cannot affect hostname
location.href = '/foo' + document.location.search;
location.href = '/foo' + document.location.search.substring(1);
// NOT OK
location.href = '/' + document.location.search;
location.href = '/' + document.location.search.substring(1);
// NOT OK
location.href = '//' + document.location.search;
location.href = '//' + document.location.search.substring(1);
// NOT OK
location.href = '//foo' + document.location.search;
location.href = '//foo' + document.location.search.substring(1);
// NOT OK
location.href = 'https://foo' + document.location.search;
location.href = 'https://foo' + document.location.search.substring(1);
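Review bot: The four `// NOT OK` comments do not say why a fixed prefix fails to protect the redirect once `.substring(1)` removes the leading `?`, whereas the first case does explain itself (`// OK - cannot affect hostname`). A short reason per case would document what the sanitizer is expected to recognise. For the `'/'` and `'//'` lines I would use `// NOT OK - remainder can supply the hostname`, and for the `'//foo'` and `'https://foo'` lines `// NOT OK - prefix ends before the hostname is complete`.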


@@ -1,6 +1,5 @@
// NOT OK
function foo() {
var urlParts = window.location.hash.split('?');
var loc = urlParts[0] + "?" + boxes.value;
window.location = loc
window.location = loc; // OK - always starts with '#'
}
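Review bot: The new comment `// OK - always starts with '#'` on the `window.location = loc;` line is not quite accurate. `window.location.hash` is the empty string when the URL has no fragment, and in that case `urlParts[0]` is empty and `loc` starts with `?`. The assignment still cannot change the host, so the verdict holds, but the comment should cover both cases, e.g. `// OK - starts with '#' or '?', cannot change the host`.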


@@ -1,48 +1,48 @@
function foo() {
var payload = document.location.search.substr(1);
var el = document.createElement("a");
el.href = payload;
document.body.appendChild(el); // NOT OK
el.href = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("button");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("embed");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("form");
el.action = payload;
document.body.appendChild(el); // NOT OK
el.action = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("frame");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("iframe");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("input");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("isindex");
el.action = payload;
document.body.appendChild(el); // NOT OK
el.action = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("isindex");
el.formaction = payload;
document.body.appendChild(el); // NOT OK
el.formaction = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("object");
el.data = payload;
document.body.appendChild(el); // NOT OK
el.data = payload; // NOT OK
document.body.appendChild(el);
var el = document.createElement("script");
el.src = payload;
document.body.appendChild(el); // NOT OK
el.src = payload; // NOT OK
document.body.appendChild(el);
}
(function () {


@@ -0,0 +1,22 @@
function foo() {
var url = document.location.toString();
window.location = url.substring(0).substring(1); // OK [INCONSISTENCY] - but not important
window.location = url.substring(0, 10).substring(1); // OK [INCONSISTENCY]
window.location = url.substring(0, url.indexOf('/', 10)).substring(1); // OK [INCONSISTENCY]
var url2 = document.location.toString();
window.location = url2.substring(0).substring(unknown()); // NOT OK
window.location = url2.substring(0, 10).substring(unknown()); // NOT OK
window.location = url2.substring(0, url2.indexOf('/', 10)).substring(unknown()); // NOT OK
var search = document.location.search.toString();
window.location = search.substring(0).substring(1); // NOT OK
window.location = search.substring(0, 10).substring(1); // NOT OK
window.location = search.substring(0, search.indexOf('/', 10)).substring(1); // NOT OK
}
function bar() {
var url = new URL(window.location);
window.location = url.origin; // OK
window.location = url.origin.substring(10); // OK
}
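Review bot: The three `// OK [INCONSISTENCY]` lines in `foo` mark cases the query still reports, but none says why the value is safe and only the first says anything beyond the tag. The `#select` table in the expected output on this page lists alerts at lines 3–5 of what appears to be this file. I would state both the reason and the status, e.g. `// OK - derived from the start of the page's own URL; reported anyway (known false positive)`. That way a later change that removes these alerts reads as an improvement rather than a regression. The two `// OK` lines in `bar` could likewise say that `url.origin` comes from the current page's origin.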


@@ -1,5 +1,5 @@
// NOT OK
new Worker(document.location.search);
new Worker(document.location.search.substring(1));
// NOT OK
$("<script>").attr("src", document.location.search);
$("<script>").attr("src", document.location.search.substring(1));


@@ -1,11 +1,11 @@
export class MyComponent {
componentDidMount() {
const { location }: { location: Location } = (this as any).props;
var params = location.search;
var params = location.search.substring(1);
this.doRedirect(params);
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri);
window.location.replace(redirectUri); // NOT OK
}
}
@@ -17,16 +17,16 @@ export class MyTrackingComponent {
loc: location
};
var secondLoc = container.loc; // type-tracking step 1 - not the source
this.myIndirectRedirect(secondLoc);
this.myIndirectRedirect(secondLoc);
}
private myIndirectRedirect(loc) { // type-tracking step 2 - also not the source
this.doRedirect(loc.search);
this.doRedirect(loc.search.substring(1));
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri);
window.location.replace(redirectUri); // NOT OK
}
}
@@ -38,21 +38,21 @@ export class WeirdTracking {
loc: location
};
var secondLoc = container.loc; // type-tracking step 1 - not the source
this.myIndirectRedirect(secondLoc);
this.myIndirectRedirect(secondLoc);
}
private myIndirectRedirect(loc) { // type-tracking step 2 - also not the source
const loc2 : Location = (loc as any).componentDidMount;
this.doRedirect(loc.search);
this.doRedirect2(loc2.search);
const loc2: Location = (loc as any).componentDidMount;
this.doRedirect(loc.search.substring(1));
this.doRedirect2(loc2.search.substring(1));
}
private doRedirect(redirectUri: string) {
window.location.replace(redirectUri); // NOT OK - and correctly flagged
window.location.replace(redirectUri); // NOT OK
}
private doRedirect2(redirectUri: string) {
window.location.replace(redirectUri); // NOT OK - and correctly flagged
window.location.replace(redirectUri); // NOT OK
}
}
}


@@ -1,223 +1,131 @@
nodes
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] |
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] |
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] |
| express.js:7:16:7:34 | req.param("target") |
| express.js:7:16:7:34 | req.param("target") |
| express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target |
| express.js:27:16:27:34 | req.param("target") |
| express.js:27:16:27:34 | req.param("target") |
| express.js:33:18:33:23 | target |
| express.js:33:18:33:23 | target |
| express.js:35:16:35:21 | target |
| express.js:35:16:35:21 | target |
| express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') |
| express.js:40:69:40:87 | req.param('action') |
| express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") |
| express.js:74:19:74:37 | req.param("target") |
| express.js:83:7:83:34 | target |
| express.js:83:16:83:34 | req.param("target") |
| express.js:83:16:83:34 | req.param("target") |
| express.js:90:18:90:23 | target |
| express.js:90:18:90:23 | target |
| express.js:97:16:97:21 | target |
| express.js:97:16:97:21 | target |
| express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page |
| express.js:118:17:118:30 | req.query.page |
| express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user |
| express.js:134:22:134:36 | req.params.user |
| express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user |
| express.js:135:23:135:37 | req.params.user |
| express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user |
| express.js:136:22:136:36 | req.params.user |
| express.js:143:16:143:28 | req.query.foo |
| express.js:143:16:143:28 | req.query.foo |
| express.js:143:16:143:28 | req.query.foo |
| express.js:146:16:146:24 | query.foo |
| express.js:146:16:146:24 | query.foo |
| express.js:146:16:146:24 | query.foo |
| express.js:150:7:150:34 | target |
| express.js:150:16:150:34 | req.param("target") |
| express.js:150:16:150:34 | req.param("target") |
| express.js:155:18:155:23 | target |
| express.js:155:18:155:23 | target |
| express.js:160:18:160:23 | target |
| express.js:160:18:160:23 | target |
| express.js:164:7:164:54 | myThing |
| express.js:164:17:164:41 | JSON.st ... .query) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) |
| express.js:164:32:164:40 | req.query |
| express.js:164:32:164:40 | req.query |
| express.js:165:16:165:22 | myThing |
| express.js:165:16:165:22 | myThing |
| koa.js:6:6:6:27 | url |
| koa.js:6:12:6:27 | ctx.query.target |
| koa.js:6:12:6:27 | ctx.query.target |
| koa.js:7:15:7:17 | url |
| koa.js:7:15:7:17 | url |
| koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:18:8:20 | url |
| koa.js:14:16:14:18 | url |
| koa.js:14:16:14:18 | url |
| koa.js:20:16:20:18 | url |
| koa.js:20:16:20:18 | url |
| next.ts:11:31:11:38 | req.body |
| next.ts:11:31:11:38 | req.body |
| next.ts:11:31:11:50 | req.body.callbackUrl |
| next.ts:11:31:11:50 | req.body.callbackUrl |
| node.js:5:7:5:52 | target |
| node.js:5:16:5:39 | url.par ... , true) |
| node.js:5:16:5:45 | url.par ... ).query |
| node.js:5:16:5:52 | url.par ... .target |
| node.js:5:26:5:32 | req.url |
| node.js:5:26:5:32 | req.url |
| node.js:6:34:6:39 | target |
| node.js:6:34:6:39 | target |
| node.js:10:7:10:52 | target |
| node.js:10:16:10:39 | url.par ... , true) |
| node.js:10:16:10:45 | url.par ... ).query |
| node.js:10:16:10:52 | url.par ... .target |
| node.js:10:26:10:32 | req.url |
| node.js:10:26:10:32 | req.url |
| node.js:14:34:14:45 | '/' + target |
| node.js:14:34:14:45 | '/' + target |
| node.js:14:40:14:45 | target |
| node.js:28:7:28:52 | target |
| node.js:28:16:28:39 | url.par ... , true) |
| node.js:28:16:28:45 | url.par ... ).query |
| node.js:28:16:28:52 | url.par ... .target |
| node.js:28:26:28:32 | req.url |
| node.js:28:26:28:32 | req.url |
| node.js:31:34:31:39 | target |
| node.js:31:34:31:55 | target ... =" + me |
| node.js:31:34:31:55 | target ... =" + me |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:17:8:23 | tainted |
| react-native.js:8:17:8:23 | tainted |
| react-native.js:9:26:9:32 | tainted |
| react-native.js:9:26:9:32 | tainted |
edges
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] |
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") |
| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` |
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target |
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user |
| express.js:143:16:143:28 | req.query.foo | express.js:143:16:143:28 | req.query.foo |
| express.js:146:16:146:24 | query.foo | express.js:146:16:146:24 | query.foo |
| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target |
| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target |
| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target |
| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target |
| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target |
| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target |
| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing |
| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing |
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing |
| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) |
| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url |
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url |
| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url |
| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` |
| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl |
| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target |
| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target |
| node.js:5:16:5:39 | url.par ... , true) | node.js:5:16:5:45 | url.par ... ).query |
| node.js:5:16:5:45 | url.par ... ).query | node.js:5:16:5:52 | url.par ... .target |
| node.js:5:16:5:52 | url.par ... .target | node.js:5:7:5:52 | target |
| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) |
| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) |
| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target |
| node.js:10:16:10:39 | url.par ... , true) | node.js:10:16:10:45 | url.par ... ).query |
| node.js:10:16:10:45 | url.par ... ).query | node.js:10:16:10:52 | url.par ... .target |
| node.js:10:16:10:52 | url.par ... .target | node.js:10:7:10:52 | target |
| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) |
| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) |
| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target |
| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target |
| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target |
| node.js:28:16:28:39 | url.par ... , true) | node.js:28:16:28:45 | url.par ... ).query |
| node.js:28:16:28:45 | url.par ... ).query | node.js:28:16:28:52 | url.par ... .target |
| node.js:28:16:28:52 | url.par ... .target | node.js:28:7:28:52 | target |
| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) |
| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) |
| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me |
| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | provenance | |
| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | provenance | |
| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | provenance | |
| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | provenance | |
| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | provenance | |
| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | provenance | |
| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | provenance | |
| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | provenance | |
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | provenance | |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | provenance | |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | provenance | |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:118:16:118:63 | [req.qu ... ection] [0] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] [0] | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | provenance | |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | provenance | |
| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | provenance | |
| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | provenance | |
| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | provenance | |
| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | provenance | |
| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | provenance | |
| express.js:164:7:164:54 | myThing [ArrayElement] | express.js:165:16:165:22 | myThing | provenance | |
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | provenance | |
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | provenance | |
| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | provenance | |
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | express.js:164:7:164:54 | myThing [ArrayElement] | provenance | |
| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | provenance | |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | provenance | |
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | provenance | |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | provenance | |
| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | provenance | |
| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | provenance | |
| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | provenance | |
| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | provenance | |
| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | provenance | |
| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | provenance | |
| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | provenance | |
| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | provenance | |
| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | provenance | |
| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | provenance | |
| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | provenance | |
| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | provenance | |
| node.js:28:16:28:39 | url.par ... , true) | node.js:28:7:28:52 | target | provenance | |
| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | provenance | |
| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | provenance | |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
nodes
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | semmle.label | req.query["target"] |
| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | semmle.label | target |
| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | semmle.label | req.query["target"] |
| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | semmle.label | target |
| express.js:7:16:7:34 | req.param("target") | semmle.label | req.param("target") |
| express.js:12:26:12:44 | req.param("target") | semmle.label | req.param("target") |
| express.js:27:7:27:34 | target | semmle.label | target |
| express.js:27:16:27:34 | req.param("target") | semmle.label | req.param("target") |
| express.js:30:18:30:23 | target | semmle.label | target |
| express.js:33:18:33:23 | target | semmle.label | target |
| express.js:35:16:35:21 | target | semmle.label | target |
| express.js:40:16:40:108 | (req.pa ... ntacts" | semmle.label | (req.pa ... ntacts" |
| express.js:40:69:40:87 | req.param('action') | semmle.label | req.param('action') |
| express.js:74:16:74:43 | `${req. ... )}/foo` | semmle.label | `${req. ... )}/foo` |
| express.js:74:19:74:37 | req.param("target") | semmle.label | req.param("target") |
| express.js:83:7:83:34 | target | semmle.label | target |
| express.js:83:16:83:34 | req.param("target") | semmle.label | req.param("target") |
| express.js:90:18:90:23 | target | semmle.label | target |
| express.js:97:16:97:21 | target | semmle.label | target |
| express.js:118:16:118:63 | [req.qu ... ection] | semmle.label | [req.qu ... ection] |
| express.js:118:16:118:63 | [req.qu ... ection] [0] | semmle.label | [req.qu ... ection] [0] |
| express.js:118:16:118:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page | semmle.label | req.query.page |
| express.js:134:16:134:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user |
| express.js:134:22:134:36 | req.params.user | semmle.label | req.params.user |
| express.js:135:16:135:37 | '//' + ... ms.user | semmle.label | '//' + ... ms.user |
| express.js:135:23:135:37 | req.params.user | semmle.label | req.params.user |
| express.js:136:16:136:36 | 'u' + r ... ms.user | semmle.label | 'u' + r ... ms.user |
| express.js:136:22:136:36 | req.params.user | semmle.label | req.params.user |
| express.js:143:16:143:28 | req.query.foo | semmle.label | req.query.foo |
| express.js:146:16:146:24 | query.foo | semmle.label | query.foo |
| express.js:150:7:150:34 | target | semmle.label | target |
| express.js:150:16:150:34 | req.param("target") | semmle.label | req.param("target") |
| express.js:155:18:155:23 | target | semmle.label | target |
| express.js:160:18:160:23 | target | semmle.label | target |
| express.js:164:7:164:54 | myThing | semmle.label | myThing |
| express.js:164:7:164:54 | myThing [ArrayElement] | semmle.label | myThing [ArrayElement] |
| express.js:164:17:164:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... (1, -1) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | semmle.label | JSON.st ... (1, -1) [ArrayElement] |
| express.js:164:32:164:40 | req.query | semmle.label | req.query |
| express.js:165:16:165:22 | myThing | semmle.label | myThing |
| koa.js:6:6:6:27 | url | semmle.label | url |
| koa.js:6:12:6:27 | ctx.query.target | semmle.label | ctx.query.target |
| koa.js:7:15:7:17 | url | semmle.label | url |
| koa.js:8:15:8:26 | `${url}${x}` | semmle.label | `${url}${x}` |
| koa.js:8:18:8:20 | url | semmle.label | url |
| koa.js:14:16:14:18 | url | semmle.label | url |
| koa.js:20:16:20:18 | url | semmle.label | url |
| next.ts:11:31:11:38 | req.body | semmle.label | req.body |
| next.ts:11:31:11:50 | req.body.callbackUrl | semmle.label | req.body.callbackUrl |
| node.js:5:7:5:52 | target | semmle.label | target |
| node.js:5:16:5:39 | url.par ... , true) | semmle.label | url.par ... , true) |
| node.js:5:26:5:32 | req.url | semmle.label | req.url |
| node.js:6:34:6:39 | target | semmle.label | target |
| node.js:10:7:10:52 | target | semmle.label | target |
| node.js:10:16:10:39 | url.par ... , true) | semmle.label | url.par ... , true) |
| node.js:10:26:10:32 | req.url | semmle.label | req.url |
| node.js:14:34:14:45 | '/' + target | semmle.label | '/' + target |
| node.js:14:40:14:45 | target | semmle.label | target |
| node.js:28:7:28:52 | target | semmle.label | target |
| node.js:28:16:28:39 | url.par ... , true) | semmle.label | url.par ... , true) |
| node.js:28:26:28:32 | req.url | semmle.label | req.url |
| node.js:31:34:31:39 | target | semmle.label | target |
| node.js:31:34:31:55 | target ... =" + me | semmle.label | target ... =" + me |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
| react-native.js:8:17:8:23 | tainted | semmle.label | tainted |
| react-native.js:9:26:9:32 | tainted | semmle.label | tainted |
subpaths
#select
| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | user-provided value |
| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | user-provided value |
| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:7:16:7:34 | req.param("target") | user-provided value |
| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:12:26:12:44 | req.param("target") | user-provided value |
| express.js:30:18:30:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:30:18:30:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
| express.js:33:18:33:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:33:18:33:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
| express.js:35:16:35:21 | target | express.js:27:16:27:34 | req.param("target") | express.js:35:16:35:21 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value |
| express.js:40:16:40:108 | (req.pa ... ntacts" | express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | Untrusted URL redirection depends on a $@. | express.js:40:69:40:87 | req.param('action') | user-provided value |
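Review bot: The new-format rows (those carrying `semmle.label` and `provenance`) add `ServerSideUrlRedirectGood2.js:18:18:18:23 | target` as a node reached from `req.query["target"]`, and it also appears in `#select` as "Untrusted URL redirection"; the old node list has no entry for that file. An alert on a fixture named Good2 suggests either a new false positive or a check in that file that is no longer recognised as a sanitizer. The fixture is not visible here, so this needs confirming against it. `express.js:30:18:30:23 | target` is newly listed in the same way. If both results are intended, a `// NOT OK` marker on those two lines of the fixtures would record that.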


@@ -1,49 +1,21 @@
nodes
| domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:2:13:2:36 | documen ... .search |
| domparser.js:11:55:11:57 | src |
| domparser.js:11:55:11:57 | src |
| domparser.js:14:57:14:59 | src |
| domparser.js:14:57:14:59 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files |
| libxml.noent.js:16:27:16:35 | req.files |
| libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
edges
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products |
| libxml.noent.js:16:27:16:44 | req.files.products | libxml.noent.js:16:27:16:49 | req.fil ... ts.data |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") |
| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | |
| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | |
| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | |
| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | provenance | |
nodes
| domparser.js:2:7:2:36 | src | semmle.label | src |
| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search |
| domparser.js:11:55:11:57 | src | semmle.label | src |
| domparser.js:14:57:14:59 | src | semmle.label | src |
| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.noent.js:16:27:16:35 | req.files | semmle.label | req.files |
| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') |
| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") |
subpaths
#select
| domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |
| domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value |


@@ -1,21 +1,12 @@
nodes
| tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host |
| tst.js:17:84:17:91 | req.host |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host |
| tst.js:18:78:18:85 | req.host |
edges
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | provenance | |
| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | provenance | |
nodes
| tst.js:17:11:17:113 | `Hi, lo ... token}` | semmle.label | `Hi, lo ... token}` |
| tst.js:17:84:17:91 | req.host | semmle.label | req.host |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` | semmle.label | `Hi, lo ... reset.` |
| tst.js:18:78:18:85 | req.host | semmle.label | req.host |
subpaths
#select
| tst.js:17:11:17:113 | `Hi, lo ... token}` | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | Links in this email can be hijacked by poisoning the $@. | tst.js:17:84:17:91 | req.host | HTTP host header |
| tst.js:18:11:18:127 | `Hi, lo ... reset.` | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | Links in this email can be hijacked by poisoning the $@. | tst.js:18:78:18:85 | req.host | HTTP host header |


@@ -1,50 +1,31 @@
nodes
| XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName |
| tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:34 | documen ... on.hash |
| tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:2:27:2:31 | query |
| tst2.js:2:27:2:31 | query |
| tst2.js:3:19:3:23 | query |
| tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:6:17:6:37 | req.par ... rName") |
| tst.js:7:15:7:21 | tainted |
| tst.js:7:15:7:21 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:8:16:8:22 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:9:17:9:23 | tainted |
| tst.js:11:8:11:14 | tainted |
| tst.js:11:8:11:14 | tainted |
edges
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted |
| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | provenance | |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | provenance | |
| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | provenance | |
| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | provenance | |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | provenance | |
| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | provenance | |
| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | provenance | |
| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | provenance | |
| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | provenance | |
| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | provenance | |
| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | provenance | |
nodes
| XpathInjectionBad.js:6:7:6:38 | userName | semmle.label | userName |
| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | semmle.label | req.par ... rName") |
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | semmle.label | "//user ... text()" |
| XpathInjectionBad.js:9:66:9:73 | userName | semmle.label | userName |
| tst2.js:1:13:1:34 | documen ... on.hash | semmle.label | documen ... on.hash |
| tst2.js:1:13:1:47 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| tst2.js:2:27:2:31 | query | semmle.label | query |
| tst2.js:3:19:3:23 | query | semmle.label | query |
| tst.js:6:7:6:37 | tainted | semmle.label | tainted |
| tst.js:6:17:6:37 | req.par ... rName") | semmle.label | req.par ... rName") |
| tst.js:7:15:7:21 | tainted | semmle.label | tainted |
| tst.js:8:16:8:22 | tainted | semmle.label | tainted |
| tst.js:9:17:9:23 | tainted | semmle.label | tainted |
| tst.js:11:8:11:14 | tainted | semmle.label | tainted |
subpaths
#select
| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XPath expression depends on a $@. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | user-provided value |
| tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:2:27:2:31 | query | XPath expression depends on a $@. | tst2.js:1:13:1:34 | documen ... on.hash | user-provided value |


@@ -1,159 +1,117 @@
nodes
| RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:40:23:40:27 | input |
| RegExpInjection.js:40:23:40:27 | input |
| RegExpInjection.js:41:26:41:30 | input |
| RegExpInjection.js:41:26:41:30 | input |
| RegExpInjection.js:42:25:42:29 | input |
| RegExpInjection.js:42:25:42:29 | input |
| RegExpInjection.js:45:24:45:28 | input |
| RegExpInjection.js:45:24:45:28 | input |
| RegExpInjection.js:46:27:46:31 | input |
| RegExpInjection.js:46:27:46:31 | input |
| RegExpInjection.js:47:26:47:30 | input |
| RegExpInjection.js:47:26:47:30 | input |
| RegExpInjection.js:54:14:54:16 | key |
| RegExpInjection.js:54:14:54:27 | key.split(".") |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) |
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") |
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") |
| RegExpInjection.js:60:31:60:56 | input |
| RegExpInjection.js:60:39:60:56 | req.param("input") |
| RegExpInjection.js:60:39:60:56 | req.param("input") |
| RegExpInjection.js:64:14:64:18 | input |
| RegExpInjection.js:64:14:64:18 | input |
| RegExpInjection.js:82:7:82:32 | input |
| RegExpInjection.js:82:15:82:32 | req.param("input") |
| RegExpInjection.js:82:15:82:32 | req.param("input") |
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" |
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" |
| RegExpInjection.js:87:25:87:29 | input |
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") |
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` |
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` |
| RegExpInjection.js:91:20:91:30 | process.env |
| RegExpInjection.js:91:20:91:30 | process.env |
| RegExpInjection.js:91:20:91:35 | process.env.HOME |
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` |
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` |
| RegExpInjection.js:93:20:93:31 | process.argv |
| RegExpInjection.js:93:20:93:31 | process.argv |
| RegExpInjection.js:93:20:93:34 | process.argv[1] |
| RegExpInjection.js:97:7:97:32 | input |
| RegExpInjection.js:97:15:97:32 | req.param("input") |
| RegExpInjection.js:97:15:97:32 | req.param("input") |
| RegExpInjection.js:99:7:99:106 | sanitized |
| RegExpInjection.js:99:19:99:23 | input |
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") |
| RegExpInjection.js:100:14:100:22 | sanitized |
| RegExpInjection.js:100:14:100:22 | sanitized |
| tst.js:5:9:5:29 | data |
| tst.js:5:16:5:29 | req.query.data |
| tst.js:5:16:5:29 | req.query.data |
| tst.js:6:16:6:35 | "^"+ data.name + "$" |
| tst.js:6:16:6:35 | "^"+ data.name + "$" |
| tst.js:6:21:6:24 | data |
| tst.js:6:21:6:29 | data.name |
edges
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") |
| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") |
| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input |
| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input |
| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input |
| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input |
| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input |
| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input |
| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input |
| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") |
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" |
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" |
| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME |
| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME |
| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` |
| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` |
| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] |
| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] |
| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` |
| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` |
| RegExpInjection.js:97:7:97:32 | input | RegExpInjection.js:99:19:99:23 | input |
| RegExpInjection.js:97:15:97:32 | req.param("input") | RegExpInjection.js:97:7:97:32 | input |
| RegExpInjection.js:97:15:97:32 | req.param("input") | RegExpInjection.js:97:7:97:32 | input |
| RegExpInjection.js:99:7:99:106 | sanitized | RegExpInjection.js:100:14:100:22 | sanitized |
| RegExpInjection.js:99:7:99:106 | sanitized | RegExpInjection.js:100:14:100:22 | sanitized |
| RegExpInjection.js:99:19:99:23 | input | RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") |
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | RegExpInjection.js:99:7:99:106 | sanitized |
| tst.js:5:9:5:29 | data | tst.js:6:21:6:24 | data |
| tst.js:5:16:5:29 | req.query.data | tst.js:5:9:5:29 | data |
| tst.js:5:16:5:29 | req.query.data | tst.js:5:9:5:29 | data |
| tst.js:6:21:6:24 | data | tst.js:6:21:6:29 | data.name |
| tst.js:6:21:6:29 | data.name | tst.js:6:16:6:35 | "^"+ data.name + "$" |
| tst.js:6:21:6:29 | data.name | tst.js:6:16:6:35 | "^"+ data.name + "$" |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | provenance | |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | provenance | |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | provenance | |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | provenance | |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | provenance | |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | provenance | |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | provenance | |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | provenance | |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | provenance | |
| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | provenance | |
| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | provenance | |
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | provenance | |
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | provenance | |
| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | provenance | |
| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | provenance | |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | provenance | |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | provenance | |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | provenance | |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | provenance | |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | provenance | |
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | provenance | |
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | provenance | |
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | provenance | |
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | provenance | |
| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | provenance | |
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | provenance | |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | |
| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | provenance | |
| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | provenance | |
| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | provenance | |
| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | provenance | |
| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | provenance | |
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | provenance | |
| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | provenance | |
| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | provenance | |
| RegExpInjection.js:97:7:97:32 | input | RegExpInjection.js:99:19:99:23 | input | provenance | |
| RegExpInjection.js:97:15:97:32 | req.param("input") | RegExpInjection.js:97:7:97:32 | input | provenance | |
| RegExpInjection.js:99:7:99:106 | sanitized | RegExpInjection.js:100:14:100:22 | sanitized | provenance | |
| RegExpInjection.js:99:19:99:23 | input | RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | provenance | |
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | RegExpInjection.js:99:7:99:106 | sanitized | provenance | |
| tst.js:5:9:5:29 | data | tst.js:6:21:6:24 | data | provenance | |
| tst.js:5:16:5:29 | req.query.data | tst.js:5:9:5:29 | data | provenance | |
| tst.js:6:21:6:24 | data | tst.js:6:16:6:35 | "^"+ data.name + "$" | provenance | |
nodes
| RegExpInjection.js:5:7:5:28 | key | semmle.label | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") |
| RegExpInjection.js:5:31:5:56 | input | semmle.label | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | semmle.label | req.param("input") |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | semmle.label | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key | semmle.label | key |
| RegExpInjection.js:10:17:10:17 | s | semmle.label | s |
| RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | semmle.label | "\\\\b" + wrap2(s) |
| RegExpInjection.js:11:20:11:27 | wrap2(s) | semmle.label | wrap2(s) |
| RegExpInjection.js:11:26:11:26 | s | semmle.label | s |
| RegExpInjection.js:14:18:14:18 | s | semmle.label | s |
| RegExpInjection.js:15:12:15:12 | s | semmle.label | s |
| RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | semmle.label | s + "=(.*)\\n" |
| RegExpInjection.js:19:14:19:22 | wrap(key) | semmle.label | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key | semmle.label | key |
| RegExpInjection.js:21:14:21:22 | wrap(key) | semmle.label | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | semmle.label | key |
| RegExpInjection.js:24:12:24:27 | req.param("key") | semmle.label | req.param("key") |
| RegExpInjection.js:27:14:27:21 | getKey() | semmle.label | getKey() |
| RegExpInjection.js:29:21:29:21 | s | semmle.label | s |
| RegExpInjection.js:31:23:31:23 | s | semmle.label | s |
| RegExpInjection.js:33:12:33:14 | key | semmle.label | key |
| RegExpInjection.js:34:12:34:19 | getKey() | semmle.label | getKey() |
| RegExpInjection.js:40:23:40:27 | input | semmle.label | input |
| RegExpInjection.js:41:26:41:30 | input | semmle.label | input |
| RegExpInjection.js:42:25:42:29 | input | semmle.label | input |
| RegExpInjection.js:45:24:45:28 | input | semmle.label | input |
| RegExpInjection.js:46:27:46:31 | input | semmle.label | input |
| RegExpInjection.js:47:26:47:30 | input | semmle.label | input |
| RegExpInjection.js:54:14:54:16 | key | semmle.label | key |
| RegExpInjection.js:54:14:54:27 | key.split(".") | semmle.label | key.split(".") |
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | semmle.label | key.split(".") [ArrayElement] |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | semmle.label | key.spl ... x => x) |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | semmle.label | key.spl ... x => x) [ArrayElement] |
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | semmle.label | key.spl ... in("-") |
| RegExpInjection.js:60:31:60:56 | input | semmle.label | input |
| RegExpInjection.js:60:39:60:56 | req.param("input") | semmle.label | req.param("input") |
| RegExpInjection.js:64:14:64:18 | input | semmle.label | input |
| RegExpInjection.js:82:7:82:32 | input | semmle.label | input |
| RegExpInjection.js:82:15:82:32 | req.param("input") | semmle.label | req.param("input") |
| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | semmle.label | "^.*\\.( ... + ")$" |
| RegExpInjection.js:87:25:87:29 | input | semmle.label | input |
| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | semmle.label | input.r ... g, "\|") |
| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
| RegExpInjection.js:91:20:91:30 | process.env | semmle.label | process.env |
| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` |
| RegExpInjection.js:93:20:93:31 | process.argv | semmle.label | process.argv |
| RegExpInjection.js:97:7:97:32 | input | semmle.label | input |
| RegExpInjection.js:97:15:97:32 | req.param("input") | semmle.label | req.param("input") |
| RegExpInjection.js:99:7:99:106 | sanitized | semmle.label | sanitized |
| RegExpInjection.js:99:19:99:23 | input | semmle.label | input |
| RegExpInjection.js:99:19:99:106 | input.r ... "\\\\$&") | semmle.label | input.r ... "\\\\$&") |
| RegExpInjection.js:100:14:100:22 | sanitized | semmle.label | sanitized |
| tst.js:5:9:5:29 | data | semmle.label | data |
| tst.js:5:16:5:29 | req.query.data | semmle.label | req.query.data |
| tst.js:6:16:6:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" |
| tst.js:6:21:6:24 | data | semmle.label | data |
subpaths
| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | RegExpInjection.js:11:20:11:27 | wrap2(s) |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:21:14:21:22 | wrap(key) |
#select
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |


@@ -1,189 +1,120 @@
nodes
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action |
| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action |
| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action |
| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action |
| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action |
| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action |
| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action |
| tst.js:6:39:6:40 | ev |
| tst.js:6:39:6:40 | ev |
| tst.js:7:9:7:39 | name |
| tst.js:7:16:7:34 | JSON.parse(ev.data) |
| tst.js:7:16:7:39 | JSON.pa ... a).name |
| tst.js:7:27:7:28 | ev |
| tst.js:7:27:7:33 | ev.data |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:10 | ev |
| tst.js:9:9:9:15 | ev.data |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name |
| tst.js:17:9:17:22 | fn |
| tst.js:17:9:17:22 | fn |
| tst.js:17:14:17:22 | obj[name] |
| tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name |
| tst.js:18:5:18:6 | fn |
| tst.js:18:5:18:6 | fn |
| tst.js:18:5:18:6 | fn |
| tst.js:20:7:20:8 | fn |
| tst.js:20:7:20:8 | fn |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name |
| tst.js:22:11:22:12 | fn |
| tst.js:22:11:22:12 | fn |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name |
| tst.js:28:7:28:15 | obj[name] |
| tst.js:28:7:28:15 | obj[name] |
| tst.js:28:11:28:14 | name |
| tst.js:34:9:34:24 | key |
| tst.js:34:15:34:24 | "$" + name |
| tst.js:34:21:34:24 | name |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key |
| tst.js:37:7:37:14 | obj[key] |
| tst.js:37:7:37:14 | obj[key] |
| tst.js:37:11:37:13 | key |
| tst.js:47:39:47:40 | ev |
| tst.js:47:39:47:40 | ev |
| tst.js:48:9:48:39 | name |
| tst.js:48:16:48:34 | JSON.parse(ev.data) |
| tst.js:48:16:48:39 | JSON.pa ... a).name |
| tst.js:48:27:48:28 | ev |
| tst.js:48:27:48:33 | ev.data |
| tst.js:49:9:49:23 | fn |
| tst.js:49:14:49:23 | obj2[name] |
| tst.js:49:19:49:22 | name |
| tst.js:50:5:50:6 | fn |
| tst.js:50:5:50:6 | fn |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | semmle.label | ev |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | semmle.label | message |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | semmle.label | ev |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | semmle.label | ev.data |
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | semmle.label | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | semmle.label | message |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | semmle.label | message.name |
| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | semmle.label | action |
| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | semmle.label | actions ... action) |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | semmle.label | req.params.action |
| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | semmle.label | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | semmle.label | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | semmle.label | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | semmle.label | req.params.action |
| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | semmle.label | action |
| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | semmle.label | action |
| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | semmle.label | actions ... action) |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | semmle.label | req.params.action |
| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | semmle.label | action |
| tst.js:6:39:6:40 | ev | semmle.label | ev |
| tst.js:7:9:7:39 | name | semmle.label | name |
| tst.js:7:16:7:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) |
| tst.js:7:16:7:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name |
| tst.js:7:27:7:28 | ev | semmle.label | ev |
| tst.js:7:27:7:33 | ev.data | semmle.label | ev.data |
| tst.js:9:5:9:16 | obj[ev.data] | semmle.label | obj[ev.data] |
| tst.js:9:9:9:10 | ev | semmle.label | ev |
| tst.js:9:9:9:15 | ev.data | semmle.label | ev.data |
| tst.js:11:5:11:13 | obj[name] | semmle.label | obj[name] |
| tst.js:11:9:11:12 | name | semmle.label | name |
| tst.js:17:9:17:22 | fn | semmle.label | fn |
| tst.js:17:14:17:22 | obj[name] | semmle.label | obj[name] |
| tst.js:17:18:17:21 | name | semmle.label | name |
| tst.js:18:5:18:6 | fn | semmle.label | fn |
| tst.js:20:7:20:8 | fn | semmle.label | fn |
| tst.js:21:7:21:15 | obj[name] | semmle.label | obj[name] |
| tst.js:21:11:21:14 | name | semmle.label | name |
| tst.js:22:11:22:12 | fn | semmle.label | fn |
| tst.js:26:7:26:15 | obj[name] | semmle.label | obj[name] |
| tst.js:26:11:26:14 | name | semmle.label | name |
| tst.js:28:7:28:15 | obj[name] | semmle.label | obj[name] |
| tst.js:28:11:28:14 | name | semmle.label | name |
| tst.js:34:9:34:24 | key | semmle.label | key |
| tst.js:34:15:34:24 | "$" + name | semmle.label | "$" + name |
| tst.js:34:21:34:24 | name | semmle.label | name |
| tst.js:35:5:35:12 | obj[key] | semmle.label | obj[key] |
| tst.js:35:9:35:11 | key | semmle.label | key |
| tst.js:37:7:37:14 | obj[key] | semmle.label | obj[key] |
| tst.js:37:11:37:13 | key | semmle.label | key |
| tst.js:47:39:47:40 | ev | semmle.label | ev |
| tst.js:48:9:48:39 | name | semmle.label | name |
| tst.js:48:16:48:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) |
| tst.js:48:16:48:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name |
| tst.js:48:27:48:28 | ev | semmle.label | ev |
| tst.js:48:27:48:33 | ev.data | semmle.label | ev.data |
| tst.js:49:9:49:23 | fn | semmle.label | fn |
| tst.js:49:14:49:23 | obj2[name] | semmle.label | obj2[name] |
| tst.js:49:19:49:22 | name | semmle.label | name |
| tst.js:50:5:50:6 | fn | semmle.label | fn |
edges
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] |
| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action |
| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action |
| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] |
| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action |
| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action |
| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) |
| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev |
| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev |
| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev |
| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev |
| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name |
| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name |
| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name |
| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name |
| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name |
| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name |
| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name |
| tst.js:7:16:7:39 | JSON.pa ... a).name | tst.js:7:9:7:39 | name |
| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data |
| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) |
| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] |
| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key |
| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key |
| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key |
| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev |
| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name |
| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name |
| tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name |
| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data |
| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) |
| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn |
| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn |
| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn |
| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] |
| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | provenance | |
| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | provenance | |
| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | provenance | |
| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | provenance | Config |
| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | provenance | Config |
| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | provenance | Config |
| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | provenance | Config |
| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | provenance | |
| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | provenance | |
| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | provenance | Config |
| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | provenance | |
| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | provenance | |
| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | provenance | Config |
| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | provenance | |
| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | provenance | |
| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | provenance | Config |
| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | provenance | |
| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | provenance | |
| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | provenance | |
| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | provenance | |
| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | provenance | |
| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name | provenance | |
| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name | provenance | |
| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name | provenance | |
| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name | provenance | Config |
| tst.js:7:16:7:39 | JSON.pa ... a).name | tst.js:7:9:7:39 | name | provenance | |
| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data | provenance | Config |
| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | provenance | Config |
| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | provenance | Config |
| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | provenance | Config |
| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | provenance | Config |
| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | provenance | |
| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | provenance | |
| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | provenance | |
| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | provenance | |
| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | provenance | Config |
| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | provenance | Config |
| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | provenance | Config |
| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | provenance | Config |
| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | provenance | |
| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | provenance | |
| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | provenance | |
| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | provenance | Config |
| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | provenance | Config |
| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | provenance | Config |
| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | provenance | |
| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | provenance | |
| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | provenance | Config |
| tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name | provenance | |
| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | provenance | Config |
| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | provenance | Config |
| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | provenance | |
| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | provenance | |
| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | provenance | Config |
subpaths
#select
| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled |
| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | user-controlled |


@@ -1,3 +1,3 @@
import javascript
import semmle.javascript.security.dataflow.ResourceExhaustionQuery
import utils.test.ConsistencyChecking
deprecated import utils.test.ConsistencyChecking
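Review bot: The `deprecated import utils.test.ConsistencyChecking` line carries no comment saying why a deprecated library is still imported or what should replace it. Assuming this is the new side of the hunk (the +/- markers are lost in this rendering), the annotation appears only to silence the deprecation warning while the resource-exhaustion test keeps depending on the old consistency check. A one-line comment above it, such as `// Still relies on the deprecated ConsistencyChecking library; migrate this test once the replacement is adopted`, would keep the follow-up visible. The file's path is not shown in this section, so the note applies to whichever test query this hunk belongs to.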
