mirror of
https://github.com/github/codeql.git
synced 2026-04-25 00:35:20 +02:00
JS: Updates to nodes/edges in tests
Only changes to nodes/edges for various reasons, no actual result changes
This commit is contained in:
Asger F
@@ -16,15 +16,15 @@ edges
|
||||
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | |
|
||||
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | provenance | |
|
||||
nodes
|
||||
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted |
|
||||
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name |
|
||||
@@ -42,10 +42,10 @@ nodes
|
||||
| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted |
|
||||
| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | semmle.label | [post update] {\\n x ... usted\\n} [x] |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | semmle.label | [post update] {\\n x ... usted\\n} [y] |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | semmle.label | [post update] {\\n x ... usted\\n} [z] |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... usted\\n} |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | semmle.label | {\\n x ... usted\\n} [x] |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | semmle.label | {\\n x ... usted\\n} [y] |
|
||||
| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | semmle.label | {\\n x ... usted\\n} [z] |
|
||||
| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted |
|
||||
| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted |
|
||||
| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted |
|
||||
|
||||
@@ -27,8 +27,7 @@ edges
|
||||
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | |
|
||||
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | |
|
||||
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | |
|
||||
| child_process-test.js:46:9:46:17 | args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | |
|
||||
| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:46:9:46:17 | args [1] | provenance | |
|
||||
| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | |
|
||||
| child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance | |
|
||||
| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args | provenance | |
|
||||
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
|
||||
@@ -121,7 +120,6 @@ nodes
|
||||
| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd |
|
||||
| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd |
|
||||
| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd |
|
||||
| child_process-test.js:46:9:46:17 | args [1] | semmle.label | args [1] |
|
||||
| child_process-test.js:48:5:48:8 | [post update] args [1] | semmle.label | [post update] args [1] |
|
||||
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
|
||||
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
|
||||
|
||||
@@ -89,10 +89,8 @@ edges
|
||||
| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | |
|
||||
| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | |
|
||||
| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance | |
|
||||
| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | provenance | |
|
||||
| lib/lib.js:425:6:425:13 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance | |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | provenance | |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | lib/lib.js:425:6:425:13 | arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:427:14:427:16 | arr | provenance | |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance | |
|
||||
| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance | |
|
||||
| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | |
|
||||
@@ -100,10 +98,8 @@ edges
|
||||
| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | provenance | |
|
||||
| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | |
|
||||
| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | |
|
||||
| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | provenance | |
|
||||
| lib/lib.js:432:6:432:13 | arr [ArrayElement] | lib/lib.js:437:9:437:11 | arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | provenance | |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | lib/lib.js:432:6:432:13 | arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:437:9:437:11 | arr | provenance | |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | lib/lib.js:437:9:437:11 | arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | provenance | |
|
||||
| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | provenance | |
|
||||
| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | |
|
||||
@@ -272,8 +268,6 @@ nodes
|
||||
| lib/lib.js:419:32:419:35 | name | semmle.label | name |
|
||||
| lib/lib.js:420:29:420:32 | name | semmle.label | name |
|
||||
| lib/lib.js:424:24:424:27 | name | semmle.label | name |
|
||||
| lib/lib.js:425:6:425:13 | arr | semmle.label | arr |
|
||||
| lib/lib.js:425:6:425:13 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr | semmle.label | [post update] arr |
|
||||
| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] |
|
||||
| lib/lib.js:426:11:426:14 | name | semmle.label | name |
|
||||
@@ -283,8 +277,6 @@ nodes
|
||||
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... ) + '-' |
|
||||
| lib/lib.js:428:36:428:39 | name | semmle.label | name |
|
||||
| lib/lib.js:431:23:431:26 | last | semmle.label | last |
|
||||
| lib/lib.js:432:6:432:13 | arr | semmle.label | arr |
|
||||
| lib/lib.js:432:6:432:13 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr | semmle.label | [post update] arr |
|
||||
| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] |
|
||||
| lib/lib.js:436:19:436:22 | last | semmle.label | last |
|
||||
|
||||
@@ -44,15 +44,13 @@ edges
|
||||
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | ReflectedXssGood3.js:108:10:108:14 | parts [0] | provenance | |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | provenance | |
|
||||
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | ReflectedXssGood3.js:77:7:77:37 | parts [0] | provenance | |
|
||||
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | |
|
||||
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
|
||||
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | provenance | |
|
||||
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
|
||||
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
|
||||
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
|
||||
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | provenance | |
|
||||
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
|
||||
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | provenance | |
|
||||
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | |
|
||||
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | |
|
||||
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | provenance | |
|
||||
@@ -103,8 +101,7 @@ edges
|
||||
| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | |
|
||||
| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | |
|
||||
| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | |
|
||||
| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | |
|
||||
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] | provenance | |
|
||||
| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | |
|
||||
| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | |
|
||||
| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | |
|
||||
| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | |
|
||||
@@ -118,8 +115,7 @@ edges
|
||||
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | |
|
||||
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | |
|
||||
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | |
|
||||
| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | |
|
||||
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] | provenance | |
|
||||
| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | |
|
||||
| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | |
|
||||
| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | |
|
||||
| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | |
|
||||
@@ -128,8 +124,7 @@ edges
|
||||
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | |
|
||||
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | |
|
||||
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | |
|
||||
| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | |
|
||||
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] | provenance | |
|
||||
| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | |
|
||||
| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | |
|
||||
| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | |
|
||||
| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | |
|
||||
@@ -139,8 +134,7 @@ edges
|
||||
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | |
|
||||
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | |
|
||||
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | |
|
||||
| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | |
|
||||
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] | provenance | |
|
||||
| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | |
|
||||
| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | |
|
||||
| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | |
|
||||
| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | |
|
||||
@@ -220,7 +214,6 @@ nodes
|
||||
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | semmle.label | parts [0] |
|
||||
| ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | semmle.label | parts [ArrayElement] |
|
||||
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | semmle.label | [value. ... (0, i)] [0] |
|
||||
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
|
||||
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
|
||||
@@ -290,7 +283,6 @@ nodes
|
||||
| tst2.js:21:14:21:14 | p | semmle.label | p |
|
||||
| tst2.js:30:7:30:24 | p | semmle.label | p |
|
||||
| tst2.js:30:9:30:9 | p | semmle.label | p |
|
||||
| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] |
|
||||
| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
|
||||
| tst2.js:33:11:33:11 | p | semmle.label | p |
|
||||
| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] |
|
||||
@@ -307,7 +299,6 @@ nodes
|
||||
| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe |
|
||||
| tst2.js:57:7:57:24 | p | semmle.label | p |
|
||||
| tst2.js:57:9:57:9 | p | semmle.label | p |
|
||||
| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] |
|
||||
| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
|
||||
| tst2.js:60:11:60:11 | p | semmle.label | p |
|
||||
| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] |
|
||||
@@ -318,7 +309,6 @@ nodes
|
||||
| tst2.js:64:12:64:18 | other.p | semmle.label | other.p |
|
||||
| tst2.js:69:7:69:24 | p | semmle.label | p |
|
||||
| tst2.js:69:9:69:9 | p | semmle.label | p |
|
||||
| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] |
|
||||
| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
|
||||
| tst2.js:72:11:72:11 | p | semmle.label | p |
|
||||
| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] |
|
||||
@@ -330,7 +320,6 @@ nodes
|
||||
| tst2.js:76:12:76:18 | other.p | semmle.label | other.p |
|
||||
| tst2.js:82:7:82:24 | p | semmle.label | p |
|
||||
| tst2.js:82:9:82:9 | p | semmle.label | p |
|
||||
| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] |
|
||||
| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] |
|
||||
| tst2.js:85:11:85:11 | p | semmle.label | p |
|
||||
| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] |
|
||||
|
||||
@@ -52,8 +52,6 @@ nodes
|
||||
| json-schema-validator.js:61:22:61:26 | query | semmle.label | query |
|
||||
| koarouter.js:5:11:5:33 | version | semmle.label | version |
|
||||
| koarouter.js:5:13:5:19 | version | semmle.label | version |
|
||||
| koarouter.js:11:11:11:28 | conditions | semmle.label | conditions |
|
||||
| koarouter.js:11:11:11:28 | conditions [ArrayElement] | semmle.label | conditions [ArrayElement] |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions | semmle.label | [post update] conditions |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | semmle.label | [post update] conditions [ArrayElement] |
|
||||
| koarouter.js:14:25:14:46 | `versio ... rsion}` | semmle.label | `versio ... rsion}` |
|
||||
@@ -327,10 +325,8 @@ edges
|
||||
| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | provenance | Config |
|
||||
| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | |
|
||||
| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | |
|
||||
| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | provenance | |
|
||||
| koarouter.js:11:11:11:28 | conditions [ArrayElement] | koarouter.js:17:52:17:61 | conditions [ArrayElement] | provenance | |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | provenance | |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | koarouter.js:11:11:11:28 | conditions [ArrayElement] | provenance | |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:17:52:17:61 | conditions | provenance | |
|
||||
| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | koarouter.js:17:52:17:61 | conditions [ArrayElement] | provenance | |
|
||||
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | |
|
||||
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | provenance | |
|
||||
| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | |
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
edges
|
||||
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | |
|
||||
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | |
|
||||
| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | |
|
||||
| bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | provenance | |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | provenance | |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | provenance | |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | provenance | |
|
||||
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | |
|
||||
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | provenance | |
|
||||
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | provenance | |
|
||||
@@ -15,8 +13,6 @@ edges
|
||||
nodes
|
||||
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` |
|
||||
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) |
|
||||
| bad-code-sanitization.js:6:11:6:25 | statements | semmle.label | statements |
|
||||
| bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | semmle.label | statements [ArrayElement] |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements |
|
||||
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | semmle.label | [post update] statements [ArrayElement] |
|
||||
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` |
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
edges
|
||||
| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | provenance | |
|
||||
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | provenance | |
|
||||
| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | |
|
||||
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | provenance | |
|
||||
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | |
|
||||
| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | provenance | |
|
||||
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | provenance | |
|
||||
| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | |
|
||||
@@ -20,11 +19,9 @@ edges
|
||||
| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | |
|
||||
| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | |
|
||||
| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | |
|
||||
| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | request.js:8:11:8:20 | {jsonData} | provenance | |
|
||||
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | provenance | |
|
||||
| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | provenance | |
|
||||
| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | provenance | |
|
||||
| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | |
|
||||
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | provenance | |
|
||||
| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | |
|
||||
| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | provenance | |
|
||||
| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | provenance | |
|
||||
| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | provenance | |
|
||||
@@ -38,18 +35,15 @@ edges
|
||||
| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | provenance | |
|
||||
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | provenance | |
|
||||
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | provenance | |
|
||||
| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | |
|
||||
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | provenance | |
|
||||
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | |
|
||||
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | provenance | |
|
||||
| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | provenance | |
|
||||
| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | |
|
||||
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | provenance | |
|
||||
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | |
|
||||
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | provenance | |
|
||||
| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | provenance | |
|
||||
nodes
|
||||
| FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content |
|
||||
| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") |
|
||||
| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | semmle.label | [post update] {\\n hos ... ent }\\n} [headers, Referer] |
|
||||
| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | semmle.label | {\\n hos ... ent }\\n} |
|
||||
| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | semmle.label | { Referer: content } [Referer] |
|
||||
| FileAccessToHttp.js:9:23:9:29 | content | semmle.label | content |
|
||||
@@ -71,11 +65,9 @@ nodes
|
||||
| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() |
|
||||
| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk |
|
||||
| request.js:6:19:6:26 | jsonData | semmle.label | jsonData |
|
||||
| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | semmle.label | [post update] {jsonData} [jsonData] |
|
||||
| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} |
|
||||
| request.js:8:12:8:19 | jsonData | semmle.label | jsonData |
|
||||
| request.js:13:18:13:24 | xmlData | semmle.label | xmlData |
|
||||
| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | semmle.label | [post update] {\\n u ... ody\\n } [body] |
|
||||
| request.js:16:11:23:3 | {\\n u ... ody\\n } | semmle.label | {\\n u ... ody\\n } |
|
||||
| request.js:22:11:22:17 | xmlData | semmle.label | xmlData |
|
||||
| request.js:28:52:28:55 | data | semmle.label | data |
|
||||
@@ -90,12 +82,10 @@ nodes
|
||||
| sentAsHeaders.js:12:19:12:25 | content | semmle.label | content |
|
||||
| sentAsHeaders.js:12:19:12:74 | content ... =", "") | semmle.label | content ... =", "") |
|
||||
| sentAsHeaders.js:12:19:12:81 | content ... .trim() | semmle.label | content ... .trim() |
|
||||
| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] |
|
||||
| sentAsHeaders.js:14:20:19:9 | {\\n ... } | semmle.label | {\\n ... } |
|
||||
| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] |
|
||||
| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | semmle.label | "http:/ ... content |
|
||||
| sentAsHeaders.js:18:47:18:53 | content | semmle.label | content |
|
||||
| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] |
|
||||
| sentAsHeaders.js:20:20:25:9 | {\\n ... } | semmle.label | {\\n ... } |
|
||||
| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] |
|
||||
| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | semmle.label | "http:/ ... content |
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
edges
|
||||
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | |
|
||||
| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | |
|
||||
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | provenance | |
|
||||
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | |
|
||||
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | |
|
||||
| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | |
|
||||
| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | |
|
||||
nodes
|
||||
| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password |
|
||||
| PostMessageStar2.js:4:7:4:15 | data [foo] | semmle.label | data [foo] |
|
||||
| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | semmle.label | [post update] data [foo] |
|
||||
| PostMessageStar2.js:5:14:5:21 | password | semmle.label | password |
|
||||
| PostMessageStar2.js:8:29:8:32 | data | semmle.label | data |
|
||||
|
||||
@@ -1,89 +1,58 @@
|
||||
edges
|
||||
| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | |
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | provenance | |
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | |
|
||||
| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | |
|
||||
| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | |
|
||||
| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | |
|
||||
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | |
|
||||
| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | |
|
||||
| build-leaks.js:14:18:14:20 | env [Return] | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | provenance | |
|
||||
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | provenance | |
|
||||
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env [Return] | provenance | |
|
||||
| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:16:20:16:22 | env | provenance | |
|
||||
| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config |
|
||||
| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | |
|
||||
| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | provenance | |
|
||||
| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | |
|
||||
| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | provenance | |
|
||||
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | |
|
||||
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | provenance | |
|
||||
| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | |
|
||||
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | |
|
||||
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | Config |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | provenance | Config |
|
||||
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | |
|
||||
| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | |
|
||||
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env | provenance | |
|
||||
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env [Return] | provenance | |
|
||||
| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:24:20:24:22 | env | provenance | |
|
||||
| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config |
|
||||
| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | provenance | |
|
||||
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | |
|
||||
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | provenance | |
|
||||
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | |
|
||||
| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | |
|
||||
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | |
|
||||
| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | |
|
||||
| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | |
|
||||
| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
|
||||
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | provenance | |
|
||||
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | |
|
||||
| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | |
|
||||
nodes
|
||||
| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | semmle.label | [post update] { // NO ... .env)\\n} [process.env] |
|
||||
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} |
|
||||
| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) |
|
||||
| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env |
|
||||
| build-leaks.js:13:11:19:10 | raw | semmle.label | raw |
|
||||
| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) |
|
||||
| build-leaks.js:14:18:14:20 | env | semmle.label | env |
|
||||
| build-leaks.js:14:18:14:20 | env | semmle.label | env |
|
||||
| build-leaks.js:14:18:14:20 | env [Return] | semmle.label | env [Return] |
|
||||
| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env |
|
||||
| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env |
|
||||
| build-leaks.js:16:20:16:22 | env | semmle.label | env |
|
||||
| build-leaks.js:16:20:16:22 | env | semmle.label | env |
|
||||
| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | semmle.label | [post update] {\\n ... } |
|
||||
| build-leaks.js:17:12:19:9 | {\\n ... } | semmle.label | {\\n ... } |
|
||||
| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] |
|
||||
| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] |
|
||||
| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) |
|
||||
| build-leaks.js:22:36:22:38 | raw | semmle.label | raw |
|
||||
| build-leaks.js:22:49:22:51 | env | semmle.label | env |
|
||||
| build-leaks.js:22:49:22:51 | env | semmle.label | env |
|
||||
| build-leaks.js:22:49:22:51 | env [Return] | semmle.label | env [Return] |
|
||||
| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env |
|
||||
| build-leaks.js:23:39:23:41 | raw | semmle.label | raw |
|
||||
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
|
||||
| build-leaks.js:24:20:24:22 | env | semmle.label | env |
|
||||
| build-leaks.js:25:12:25:13 | [post update] {} | semmle.label | [post update] {} |
|
||||
| build-leaks.js:25:12:25:13 | {} | semmle.label | {} |
|
||||
| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] |
|
||||
| build-leaks.js:30:22:30:31 | stringifed [process.env] | semmle.label | stringifed [process.env] |
|
||||
| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | semmle.label | getEnv('production') [stringified, process.env] |
|
||||
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | semmle.label | getEnv( ... ngified |
|
||||
| build-leaks.js:40:9:40:60 | pw | semmle.label | pw |
|
||||
| build-leaks.js:40:14:40:60 | url.par ... assword | semmle.label | url.par ... assword |
|
||||
| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | semmle.label | [post update] { "proc ... y(pw) } [process.env.secret] |
|
||||
| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } |
|
||||
| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) |
|
||||
| build-leaks.js:41:82:41:83 | pw | semmle.label | pw |
|
||||
subpaths
|
||||
| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env [Return] | build-leaks.js:25:12:25:13 | [post update] {} |
|
||||
| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
|
||||
| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) |
|
||||
#select
|
||||
| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment |
|
||||
| build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment |
|
||||
|
||||
@@ -4,13 +4,11 @@ nodes
|
||||
| angularmerge.js:2:32:2:36 | event | semmle.label | event |
|
||||
| angularmerge.js:2:32:2:41 | event.data | semmle.label | event.data |
|
||||
| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | semmle.label | req.query.foo |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | semmle.label | req.query.value |
|
||||
| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | semmle.label | opts [thing] |
|
||||
| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | semmle.label | {\\n ... e\\n } [thing] |
|
||||
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | semmle.label | req.query.value |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | semmle.label | opts [thing] |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | semmle.label | opts.thing |
|
||||
@@ -32,14 +30,12 @@ edges
|
||||
| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | provenance | |
|
||||
| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | provenance | |
|
||||
| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | provenance | Config |
|
||||
| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | provenance | |
|
||||
| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | provenance | |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | provenance | |
|
||||
| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | provenance | |
|
||||
| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | provenance | |
|
||||
|
||||
Reference in New Issue
Block a user