diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
index 153cb7f31e5..2e25fb78ef3 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointScoring.qll
@@ -49,6 +49,14 @@ module ModelScoring {
 
   predicate internalEnpointScores(DataFlow::Node endpoint, string prediction) =
     remoteScoreEndpoints(getEndpointPrompt/2)(endpoint, prediction)
+
+  // For debugging queries, don't limit these to effective sinks:
+  predicate getEndpointPromptForAnyEndpoint(DataFlow::Node node, string prompt) {
+    prompt = ModelPrompt::ModelPrompt::getPrompt(node)
+  }
+
+  predicate internalEnpointScoresForAnyEndpoint(DataFlow::Node endpoint, string prediction) =
+    remoteScoreEndpoints(getEndpointPromptForAnyEndpoint/2)(endpoint, prediction)
 }
 
 /**
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.expected
new file mode 100644
index 00000000000..3377346d8d8
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.expected
@@ -0,0 +1,458 @@
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . data `\|`this . addEventListener ( 'message' , function ( event ) { document . write ( event . data ) ; } ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data `\|`this . addEventListener ( 'message' , function ( { data } ) { document . write ( data ) ; } ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`event . data `\|`function foo ( x , event , y ) { document . write ( x . data ) ; document . write ( event . data ) ; document . write ( y . data ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`\u0275getDOM ( ) . getLocation ( ) . href `\|`this . sanitizer . bypassSecurityTrustHtml ( \u0275getDOM ( ) . getLocation ( ) . href ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . params . foo `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . params . foo ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParams . foo `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParams . foo ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:26:44:26:71 | this.ro ... ragment | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . fragment `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . fragment ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . paramMap . get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . paramMap . get ( 'foo' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . queryParamMap . get ( 'foo' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . queryParamMap . get ( 'foo' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:30:46:30:59 | map.get('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`map . get ( 'foo' ) `\|`this . route . paramMap . subscribe ( map => { this . sanitizer . bypassSecurityTrustHtml ( map . get ( 'foo' ) ) ; } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:33:44:33:74 | this.ro ... 1].path | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . path `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . path ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:34:44:34:82 | this.ro ... eters.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameters . x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameters . x ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:35:44:35:91 | this.ro ... et('x') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . get ( 'x' ) `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . get ( 'x' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:36:44:36:91 | this.ro ... arams.x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . route . snapshot . url [ 1 ] . parameterMap . params . x `\|`this . sanitizer . bypassSecurityTrustHtml ( this . route . snapshot . url [ 1 ] . parameterMap . params . x ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:38:44:38:58 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer . bypassSecurityTrustHtml ( this . router . url ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:40:45:40:59 | this.router.url | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . router . url `\|`this . sanitizer2 . bypassSecurityTrustHtml ( this . router . url ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`routeSnapshot . paramMap . get ( 'foo' ) `\|`someMethod ( routeSnapshot : ActivatedRouteSnapshot ) { this . sanitizer . bypassSecurityTrustHtml ( routeSnapshot . paramMap . get ( 'foo' ) ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ classNames ( window . name ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ classNames ( window . name ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ classNamesD ( window . name ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ classNamesD ( window . name ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ classNamesB ( window . name ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ classNamesB ( window . name ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ unsafeStyle ( 'foo' ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ unsafeStyle ( 'foo' ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ safeStyle ( window . name ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ safeStyle ( window . name ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <span class=  ${ clsx ( window . name ) }  >Hello<span>   `\|`document . body . innerHTML =   <span class=  ${ clsx ( window . name ) }  >Hello<span>   ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`getTaint ( ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`d => getTaint ( ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getTaint ( ) `\|`selection . attr ( 'foo' , 'bar' ) . html ( getTaint ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Time is  ${ dateFns . format ( time , taint ) }    `\|`document . body . innerHTML =   Time is  ${ dateFns . format ( time , taint ) }    ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Time is  ${ dateFnsEsm . format ( time , taint ) }    `\|`document . body . innerHTML =   Time is  ${ dateFnsEsm . format ( time , taint ) }    ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Time is  ${ dateFnsFp . format ( taint ) ( time ) }    `\|`document . body . innerHTML =   Time is  ${ dateFnsFp . format ( taint ) ( time ) }    ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Time is  ${ moment ( time ) . format ( taint ) }    `\|`document . body . innerHTML =   Time is  ${ moment ( time ) . format ( taint ) }    ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Time is  ${ dateformat ( time , taint ) }    `\|`document . body . innerHTML =   Time is  ${ dateformat ( time , taint ) }    ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<h2><a href= ' + location . href + ' >A link</a></h2>' `\|`document . getElementById ( 'my-id' ) . onclick = function ( ) { this . parentNode . innerHTML = '<h2><a href= ' + location . href + ' >A link</a></h2>' ; } ;  `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param (  wobble  ) `\|`new JSDOM ( req . param (  wobble  ) , { runScripts :  dangerously  } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( tainted ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id=    + tainted +    >  `\|`$ (  <div id=    + tainted +    >  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` XSS:   + tainted `\|`$ (  body  ) . html (  XSS:   + tainted ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash `\|`$ ( window . location . hash ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <b>  + location . toString ( ) +  </b>  `\|`$ (  <b>  + location . toString ( ) +  </b>  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . hash ) `\|`elm . innerHTML = decodeURIComponent ( window . location . hash ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . search ) `\|`elm . innerHTML = decodeURIComponent ( window . location . search ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decodeURIComponent ( window . location . toString ( ) ) `\|`elm . innerHTML = decodeURIComponent ( window . location . toString ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`decoded . foo `\|`jwt . verify ( taint , 'my-secret-key' , function ( err , decoded ) { new JSDOM ( decoded . foo , { runScripts :  dangerously  } ) ; } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  Hi, you got a message from someone.  ${ req . query . message } .   `\|`html :   Hi, you got a message from someone.  ${ req . query . message } .   `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:6:18:6:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:9:18:9:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`$ ( 'myId' ) . html ( tainted ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:17:20:17:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`$ ( 'myId' ) . html ( x ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:32:18:32:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted2 `\|`$ ( 'myId' ) . html ( tainted2 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:39:18:39:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted3 `\|`$ ( 'myId' ) . html ( tainted3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:18:45:56 | sanitiz ...  target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sanitize ? sanitizeBad ( target ) : target `\|`$ ( 'myId' ) . html ( sanitize ? sanitizeBad ( target ) : target ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`app . get ( '/some/path' , function ( req , res ) { let tainted = req . param (  code  ) ; < WebView html = { tainted } / > ; < WebView source = { { html : tainted } } / > ; } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-native.js:9:27:9:33 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`< WebView source = { { html : tainted } } / > ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:10:22:10:32 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`export function useDoc1 ( ) { let { root } = useMyContext ( ) ; root . appendChild ( window . name ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-context.js:16:26:16:36 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`foo ( ) { let { root } = this . context ; root . appendChild ( window . name ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:5:51:5:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`function initialState ( ) { let [ state , setState ] = useState ( window . name ) ; return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:11:51:11:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:17:51:17:55 | state | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`state `\|`return < div dangerouslySetInnerHTML = { { __html : state } } > < / div > ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/react-use-state.js:23:35:23:38 | prev | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prev `\|`setState ( prev => { document . body . innerHTML = prev ; } ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:30:21:30:44 | '<b>' + ...  '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:38:21:38:44 | '<b>' + ...  '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:45:21:45:44 | '<b>' + ...  '</b>' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<b>' + tainted + '</b>' `\|`{ elt . innerHTML = '<b>' + tainted + '</b>' ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/sanitiser.js:48:19:48:46 | tainted ... /g, '') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted . replace ( /< w+/g , '' ) `\|`elt . innerHTML = tainted . replace ( /< w+/g , '' ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`sessionStorage . getItem ( 'session' ) `\|`$ ( 'myId' ) . html ( sessionStorage . getItem ( 'session' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:8:20:8:48 | localSt ... local') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`localStorage . getItem ( 'local' ) `\|`$ ( 'myId' ) . html ( localStorage . getItem ( 'local' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <a href=    + href +  >foobar</a>  `\|`$ ( 'myId' ) . html (  <a href=    + href +  >foobar</a>  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:3:16:3:32 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`document . write ( document . location ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:4:16:4:37 | documen ... on.href | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href `\|`document . write ( document . location . href ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:5:16:5:47 | documen ... lueOf() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . valueOf ( ) `\|`document . write ( document . location . href . valueOf ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:6:16:6:43 | documen ... f.sup() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . sup ( ) `\|`document . write ( document . location . href . sup ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:7:16:7:51 | documen ... rCase() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . toUpperCase ( ) `\|`document . write ( document . location . href . toUpperCase ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:8:16:8:48 | documen ... mLeft() | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . href . trimLeft ( ) `\|`document . write ( document . location . href . trimLeft ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:9:16:9:58 | String. ... n.href) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String . fromCharCode ( document . location . href ) `\|`document . write ( String . fromCharCode ( document . location . href ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/string-manipulations.js:10:16:10:45 | String( ... n.href) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`String ( document . location . href ) `\|`document . write ( String ( document . location . href ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/translate.js:9:27:9:50 | searchP ... 'term') | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . get ( 'term' ) `\|`$ ( 'original-term' ) . html ( searchParams . get ( 'term' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . src `\|`foo . setAttribute (  src  , data . src ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:5:26:5:31 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute (  HREF  , data . p ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:7:32:7:37 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttribute (  xlink:href  , data . p ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:9:37:9:42 | data.p | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttributeNS ( 'xlink' , 'href' , data . p ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst3.js:10:38:10:43 | data.p | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`data . p `\|`foo . setAttributeNS ( 'foobar' , 'href' , data . p ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <OPTION value=1>  + document . location . href . substring ( document . location . href . indexOf (  default=  ) + 8 ) +  </OPTION>  `\|`document . write (  <OPTION value=1>  + document . location . href . substring ( document . location . href . indexOf (  default=  ) + 8 ) +  </OPTION>  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'<div style= width:' + target + 'px >' `\|`$ ( '<div style= width:' + target + 'px >' ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . html ( params . get ( 'name' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`searchParams . get ( 'name' ) `\|`$ ( 'name' ) . html ( searchParams . get ( 'name' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function foo ( target ) { $ ( 'myId' ) . html ( target ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`baz ( document . location . search ) `\|`$ ( 'myId' ) . html ( baz ( document . location . search ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( document . location . search ) `\|`$ ( 'myId' ) . html ( wrap ( document . location . search ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`chop ( document . location . search ) `\|`$ ( 'myId' ) . html ( chop ( document . location . search ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`wrap ( chop ( bar ( ) ) ) `\|`$ ( 'myId' ) . html ( wrap ( chop ( bar ( ) ) ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`s `\|`function dangerouslySetInnerHtml ( s ) { $ ( 'myId' ) . html ( s ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`bar ( ) `\|`$ ( 'myId' ) . html ( bar ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`x `\|`if ( x ) $ ( 'myId' ) . html ( x ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`let s = < span dangerouslySetInnerHTML = { { __html : document . location . search } } / > ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAsHtml ( document . location . search ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAsCss ( document . location . search ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAs ( $sce . HTML , document . location . search ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`$sce . trustAs ( $sce . CSS , document . location . search ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`function ( ) { angular . element ( '<div>' ) . html ( document . location . search ) ; angular . element ( '<div>' ) . html ( 'SAFE' ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`link : function ( scope , element ) { element . html ( document . location . search ) ; element . html ( 'SAFE' ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location . search `\|`function ( ) { angular . element ( document . location . search ) ; angular . element ( 'SAFE' ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`document . write ( v ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`v `\|`function ( ) { return function ( v ) { $ (  <div>  ) . html ( v ) ; } } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`xssSourceService ( ) `\|`[  xssSourceService  , function ( xssSourceService ) { $ (  <div>  ) . html ( xssSourceService ( ) ) ; } ] `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`parser . parseFromString ( target ,  application/xml  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . body . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . createElement ( ) . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`createElement ( ) . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`document . getElementsByClassName ( ) [ 0 ] . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) [ 0 ] . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`getElementsByClassName ( ) . item ( ) . innerHTML = tainted ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . createElement (  div  , { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`React . createFactory (  div  ) ( { dangerouslySetInnerHTML : { __html : tainted } } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted1 `\|`$ ( 'myId' ) . html ( this . state . tainted1 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted2 `\|`$ ( 'myId' ) . html ( this . state . tainted2 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . tainted3 `\|`$ ( 'myId' ) . html ( this . state . tainted3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevState . tainted4 `\|`this . setState ( prevState => { $ ( 'myId' ) . html ( prevState . tainted4 ) } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted1 `\|`$ ( 'myId' ) . html ( this . props . tainted1 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted2 `\|`$ ( 'myId' ) . html ( this . props . tainted2 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . props . tainted3 `\|`$ ( 'myId' ) . html ( this . props . tainted3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prevProps . tainted4 `\|`this . setState ( ( prevState , prevProps ) => { $ ( 'myId' ) . html ( prevProps . tainted4 ) } ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`this . state . stateTainted `\|`render ( ) { return < span dangerouslySetInnerHTML = { { __html : this . state . stateTainted } } / > ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`function windowName ( ) { $ ( window . name ) ; $ ( name ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`name `\|`function windowName ( ) { $ ( window . name ) ; $ ( name ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . name `\|`for ( name of [ 'a' , 'b' ] ) { $ ( window . name ) ; $ ( name ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ ( location ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location `\|`$ ( window . location ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`document . location `\|`$ ( document . location ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc1 `\|`$ ( loc1 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc2 `\|`$ ( loc2 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc3 `\|`$ ( loc3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`$ (  body  ) . append ( location ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`var documentFragment = range . createContextualFragment ( tainted ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ (  body  ) . append ( e ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`e `\|`catch ( e ) { $ (  body  ) . append ( e ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`location `\|`function handlebarsSafeString ( ) { return new Handlebars . SafeString ( location ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`params . get ( 'name' ) `\|`$ ( 'name' ) . html ( params . get ( 'name' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`getUrl ( ) . hash . substring ( 1 ) `\|`$ ( getUrl ( ) . hash . substring ( 1 ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`function growl ( ) { var target = document . location . search $ . jGrowl ( target ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . html ( target ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`this . innerHTML = target ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`e . innerHTML = target ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target `\|`$ ( 'myId' ) . html ( target ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint `\|`$ ( 'myId' ) . html ( target . taint ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint3 `\|`$ ( 'myId' ) . html ( target . taint3 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint5 `\|`$ ( 'myId' ) . html ( target . taint5 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint7 `\|`$ ( 'myId' ) . html ( target . taint7 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . taint8 `\|`$ ( 'myId' ) . html ( target . taint8 ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`payload `\|`document . write ( payload ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`match [ 1 ] `\|`if ( match ) { document . write ( match [ 1 ] ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`window . location . hash . split ( '#' ) [ 1 ] `\|`document . write ( window . location . hash . split ( '#' ) [ 1 ] ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`target . replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) `\|`$ (  #foo  ) . html ( target . replace ( /<metadata>[ s S]*< /metadata>/ , '<metadata></metadata>' ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`val `\|`templates : { suggestion : function ( val ) { return val ; } } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div>  + tainted +  </div>  `\|`$ (  <div>  + tainted +  </div>  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <div> ${ tainted } </div>   `\|`$ (   <div> ${ tainted } </div>   ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div>  . concat ( tainted ) . concat (  </div>  ) `\|`$ (  <div>  . concat ( tainted ) . concat (  </div>  ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[  <div>  , tainted ,  </div>  ] . join ( ) `\|`$ ( [  <div>  , tainted ,  </div>  ] . join ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:9:4:9:34 | "<div i ...  "\\"/>" | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id=    + tainted +    />  `\|`$ (  <div id=    + tainted +    />  ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  <div id=  ${ tainted }  />   `\|`$ (   <div id=  ${ tainted }  />   ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` <div id=    . concat ( tainted ) . concat (  />  ) `\|`$ (  <div id=    . concat ( tainted ) . concat (  />  ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[  <div id=    , tainted ,    />  ] . join ( ) `\|`$ ( [  <div id=    , tainted ,    />  ] . join ( ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection1 ( document . location . search . attrs ) `\|`$ ( indirection1 ( document . location . search . attrs ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | xss sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`indirection2 ( document . location . search . attrs ) `\|`$ ( indirection2 ( document . location . search . attrs ) ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:3:43:3:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`function test ( elt ) { var tainted = document . location . search . substring ( 1 ) ; WinJS . Utilities . setInnerHTMLUnsafe ( elt , tainted ) ; WinJS . Utilities . setOuterHTMLUnsafe ( elt , tainted ) ; } `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/DomBasedXss/winjs.js:4:43:4:49 | tainted | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`WinJS . Utilities . setOuterHTMLUnsafe ( elt , tainted ) ; `\| |
+| DomBasedXssAtmConfig | 1 | autogenerated/Xss/ExceptionXss/exception-xss.js:86:17:86:19 | foo | xss sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`foo `\|`$ ( 'myId' ) . html ( foo ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( checkSchema ( query ) ) { doc . find ( query ) ; } `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( ajv . validate ( schema , query ) ) { doc . find ( query ) ; } `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`if ( validate ( query ) ) { doc . find ( query ) ; } `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . myDoc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:54:16:54:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:65:12:65:16 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:14:77:26 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:12:85:24 | { tags: tag } | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ tags : tag } `\|`{ tags : tag } `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:112:14:112:18 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:18:16:18:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongodb_bodySafe.js:29:16:29:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`doc . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ query ] `\|`Document . aggregate ( [ query ] ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:27:20:27:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . count ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:30:25:30:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteMany ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:33:24:33:28 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . deleteOne ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:36:31:36:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . distinct ( 'type' , query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:39:19:39:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:42:22:42:26 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:45:31:45:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndDelete ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:48:31:48:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndRemove ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:51:31:51:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndUpdate ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:54:25:54:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . replaceOne ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:57:21:57:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . update ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:60:25:60:29 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateMany ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:21:63:25 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . updateOne ( query ) . then ( X ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:32:65:36 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findByIdAndUpdate ( X , query , function ( ) { } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . and ( query , function ( ) { } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:8:68:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new Mongoose . Query ( X , Y , query ) . and ( query , function ( ) { } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . where ( query ) . and ( query ) `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:72:16:72:20 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . where ( query ) . and ( query ) . or ( query ) `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:73:8:73:12 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . where ( query ) . where ( query ) . and ( query ) . or ( query ) . distinct ( X , query ) `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:74:7:74:11 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:75:16:75:20 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:77:10:77:14 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`query `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:82:46:82:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . model ( Y ) . count ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:83:47:83:51 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Mongoose . createConnection ( X ) . models [ Y ] . count ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X , ( err , res ) => res . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . exec ( ( err , res ) => res . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOne ( X ) . then ( ( res ) => res . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X , ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . exec ( ( err , res ) => res [ i ] . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( X ) . then ( ( res ) => res [ i ] . count ( query ) ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | nosql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`new C ( X , Y , query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:31:113:35 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . findOneAndUpdate ( X , query , function ( ) { } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteMany ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:117:21:117:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . deleteOne ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:118:21:118:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . geoSearch ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:119:18:119:21 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . remove ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:120:22:120:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . replaceOne ( cond , Y ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:121:16:121:19 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . find ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:122:19:122:22 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOne ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:123:20:123:21 | id | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`id `\|`Document . findById ( id ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:124:28:124:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOneAndDelete ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:125:28:125:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOneAndRemove ( cond ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:126:28:126:31 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . findOneAndUpdate ( cond , Y ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:127:18:127:21 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . update ( cond , Y ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:128:22:128:25 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . updateMany ( cond , Y ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:129:21:129:24 | cond | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`cond `\|`Document . updateOne ( cond , Y ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:16:130:26 | { _id: id } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ _id : id } `\|`Document . find ( { _id : id } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:23:19:23:23 | query | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`Document . find ( query ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:16:11:24 | { id: v } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : v } `\|`MyModel . find ( { id : v } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`{ id : req . body . id } `\|`MyModel . find ( { id : req . body . id } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:10:16:10:27 | req.body.key | nosql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . body . key `\|`client . set ( req . body . key ,  value  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key ,  value  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . hmset (  key  ,  field  ,  value  , key ,  value2  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`key `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . duplicate ( ( err , newClient ) => { newClient . set ( key ,  value  ) ; } ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . duplicate ( ) . set ( key ,  value  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:39:16:39:18 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`client . set ( key ,  value  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:43:27:43:29 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo1 = setAsync ( key ,  value  ) ; `\| |
+| NosqlInjectionAtmConfig | 2 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:46:34:46:36 | key | nosql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`key `\|`const foo2 = client . setAsync ( key ,  value  ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`taint `\|`onRequest ( req , res ) { let taint = req . params . x ; this . db . one ( taint ) ; res . end ( ) ; } `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . any ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . many ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . manyOrNone ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . map ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multi ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . multiResult ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . none ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . oneOrNone ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . query ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . result ( query ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . one ( { text : query } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . one ( { text : 'SELECT * FROM news where id = $1:raw' , values : req . params . id , } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`db . one ( { text : 'SELECT * FROM news where id = $1^' , values : req . params . id , } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ req . params . id , req . params . name , req . params . foo , ] `\|`db . one ( { text : 'SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3' , values : [ req . params . id , req . params . name , req . params . foo , ] } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`req . params . id `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . name `\|`values : [ req . params . id , req . params . name , req . params . foo , ] `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | sql injection sink | nosql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`values : { id : req . params . id , name : req . params . name , } `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . id `\|`id : req . params . id `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | sql injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params . title `\|`title : req . params . title `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( t => { return t . one ( query ) ; } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query `\|`db . task ( { cnd : t => t . one ( query ) } , t => t . one ( query ) ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`  INSERT INTO users(name) VALUES  ${ handle }    `\|`io . on ( 'connection' , ( socket ) => { socket . on ( 'newuser' , ( handle ) => { db . run (   INSERT INTO users(name) VALUES  ${ handle }    ) ; } ) ; } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst2.js:9:27:9:84 | "select ... d + "'" | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` select * from mytable where id = '  + req . params . id +  '  `\|`new sql . Request ( ) . query (  select * from mytable where id = '  + req . params . id +  '  ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:14:9:19 | query1 | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`query1 `\|`pool . query ( query1 , [ ] , function ( err , results ) { } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id =  ' + $routeParams . id + ' ' `\|`angular . module ( 'myApp' , [ 'ngRoute' ] ) . controller ( 'FindPost' , function ( $routeParams ) { db . get ( 'SELECT * FROM Post WHERE id =  ' + $routeParams . id + ' ' ) ; } ) ; `\| |
+| SqlInjectionAtmConfig | 3 | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:64 | 'SELECT ... d + '"' | sql injection sink | sql injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'SELECT * FROM Post WHERE id =  ' + req . params . id + ' ' `\|`app . get ( '/post/:id' , function ( req , res ) { db . get ( 'SELECT * FROM Post WHERE id =  ' + req . params . id + ' ' ) ; } ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath-es6.js:10:26:10:45 | join("public", path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`join (  public  , path ) `\|`res . write ( readFileSync ( join (  public  , path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` /home/user/  + path `\|`res . write ( fs . readFileSync (  /home/user/  + path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . indexOf (  secret  ) == - 1 ) res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( fs . existsSync ( path ) ) res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path === 'foo.txt'    path === 'bar.txt'    someOpaqueCondition ( ) ) res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . basename ( path ) `\|`res . write ( fs . readFileSync ( pathModule . basename ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . dirname ( path ) `\|`res . write ( fs . readFileSync ( pathModule . dirname ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . extname ( path ) `\|`res . write ( fs . readFileSync ( pathModule . extname ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path ) `\|`res . write ( fs . readFileSync ( pathModule . join ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( x , y , path , z ) `\|`res . write ( fs . readFileSync ( pathModule . join ( x , y , path , z ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) `\|`res . write ( fs . readFileSync ( pathModule . normalize ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( x , path ) `\|`res . write ( fs . readFileSync ( pathModule . relative ( x , path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . relative ( path , x ) `\|`res . write ( fs . readFileSync ( pathModule . relative ( path , x ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( path ) `\|`res . write ( fs . readFileSync ( pathModule . resolve ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . resolve ( x , y , path , z ) `\|`res . write ( fs . readFileSync ( pathModule . resolve ( x , y , path , z ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . toNamespacedPath ( path ) `\|`res . write ( fs . readFileSync ( pathModule . toNamespacedPath ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | path injection sink | xss sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`Cookie . get (  unsafe  ) `\|`function ( ) { return { templateUrl : Cookie . get (  unsafe  ) } } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require (  querystringify  ) . parse ( req . url ) . query `\|`res . write ( fs . readFileSync ( require (  querystringify  ) . parse ( req . url ) . query ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require (  query-string  ) . parse ( req . url ) . query `\|`res . write ( fs . readFileSync ( require (  query-string  ) . parse ( req . url ) . query ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`require (  querystring  ) . parse ( req . url ) . query `\|`res . write ( fs . readFileSync ( require (  querystring  ) . parse ( req . url ) . query ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params [ 0 ] `\|`var views_local = ( req , res ) => res . render ( req . params [ 0 ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`fs . realpathSync ( path ) `\|`res . write ( fs . readFileSync ( fs . realpathSync ( path ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`realpath `\|`fs . realpath ( path , function ( err , realpath ) { res . write ( fs . readFileSync ( realpath ) ) ; } ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require ( 'send' ) ( req , path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . join (  /  ) `\|`fs . readFileSync ( split . join (  /  ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ split . length - 1 ] `\|`fs . readFileSync ( prefix + split [ split . length - 1 ] ) `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split [ x ] `\|`fs . readFileSync ( split [ x ] ) `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`prefix + split [ x ] `\|`fs . readFileSync ( prefix + split [ x ] ) `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted . join (  /  ) `\|`fs . readFileSync ( concatted . join (  /  ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`concatted2 . join (  /  ) `\|`fs . readFileSync ( concatted2 . join (  /  ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`split . pop ( ) `\|`fs . readFileSync ( split . pop ( ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[ ] [*,;'  <>  ? /]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[ ] [*,;'  <>  ? /]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[abcd]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[abcd]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[./]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[./]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[foobar/foobar]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[foobar/foobar]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / //g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / //g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / .  //g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / .  //g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[.]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[.]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( /[..]/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( /[..]/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / ./g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / ./g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . replace ( / . . BLA/g , '' ) `\|`res . write ( fs . readFileSync ( path . replace ( / . . BLA/g , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix  + pathModule . normalize ( path ) . replace ( /^( . .[ /  ])+/ , '' ) `\|`res . write ( fs . readFileSync (  prefix  + pathModule . normalize ( path ) . replace ( /^( . .[ /  ])+/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix  + pathModule . normalize ( path ) . replace ( /( . .[ /  ])+/ , '' ) `\|`res . write ( fs . readFileSync (  prefix  + pathModule . normalize ( path ) . replace ( /( . .[ /  ])+/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix  + pathModule . normalize ( path ) . replace ( /( . . /)+/ , '' ) `\|`res . write ( fs . readFileSync (  prefix  + pathModule . normalize ( path ) . replace ( /( . . /)+/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix  + pathModule . normalize ( path ) . replace ( /( . . /)*/ , '' ) `\|`res . write ( fs . readFileSync (  prefix  + pathModule . normalize ( path ) . replace ( /( . . /)*/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` prefix  + path . replace ( /^( . .[ /  ])+/ , '' ) `\|`res . write ( fs . readFileSync (  prefix  + path . replace ( /^( . .[ /  ])+/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . normalize ( path ) . replace ( /^( . .[ /  ])+/ , '' ) `\|`res . write ( fs . readFileSync ( pathModule . normalize ( path ) . replace ( /^( . .[ /  ])+/ , '' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . readFileSync ( './' + path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . readFileSync ( path + '/index.html' ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'./' + path `\|`fs . readFileSync ( './' + path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path + '/index.html' `\|`fs . readFileSync ( path + '/index.html' ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith (  .  ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith (  ..  ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith (  ../  ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith (  ..  + pathModule . sep ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|` ./  + path `\|`fs . readFileSync (  ./  + path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path +  /index.html  `\|`fs . readFileSync ( path +  /index.html  ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith (  ..  ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path [ 0 ] !==  /  && path [ 0 ] !==  .  ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( path , 'index.html' ) `\|`fs . readFileSync ( pathModule . join ( path , 'index.html' ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '.' , path ) `\|`fs . readFileSync ( pathModule . join ( '.' , path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`pathModule . join ( '/home/user/www' , path ) `\|`fs . readFileSync ( pathModule . join ( '/home/user/www' , path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( path . includes ( '..' ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! path . includes ( '..' ) && ! pathModule . isAbsolute ( path ) ) fs . readFileSync ( path ) ; else fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . readFileSync ( normalizedPath ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`if ( normalizedPath . startsWith ( '/home/user/www' )    normalizedPath . startsWith ( '/home/user/public' ) ) fs . readFileSync ( normalizedPath ) ; else fs . readFileSync ( normalizedPath ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`fs . readFileSync ( normalizedPath ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( ! pathModule . isAbsolute ( path ) && ! path . startsWith ( '..' ) ) fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`newpath `\|`{ fs . readFileSync ( newpath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; return ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`{ fs . readFileSync ( path ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . readFileSync ( normalizedPath ) ; return ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . readFileSync ( normalizedPath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . readFileSync ( normalizedPath ) ; return ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`normalizedPath `\|`{ fs . readFileSync ( normalizedPath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`if ( abs . indexOf ( root ) !== 0 ) { fs . readFileSync ( path ) ; return ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`requestPath `\|`{ targetPath = rootPath ; fs . readFileSync ( requestPath ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`gracefulFs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fsExtra . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`originalFs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( true ) . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`getFsModule ( false ) . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require (  ./my-fs-module  ) . require ( true ) . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`flexibleModuleName . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`util . promisify ( fs . readFileSync ) ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require (  bluebird  ) . promisify ( fs . readFileSync ) ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`require (  bluebird  ) . promisifyAll ( fs ) . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`asyncFS . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`await page . pdf ( { path : tainted , format : 'a4' } ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/pupeteer.js:13:37:13:43 | tainted | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`tainted `\|`for ( let i = 0 ; i < something ( ) ; i ++ ) { pages [ i ] . screenshot ( { path : tainted } ) ; } `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`fs . readFileSync ( path ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub `\|`fs . readFileSync ( obj . sub ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub3 `\|`fs . readFileSync ( obj . sub3 ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`obj . sub4 = fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | path injection sink | non-sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`obj . sub4 `\|`fs . readFileSync ( obj . sub4 ) ? fs . readFileSync ( obj . sub4 ) : fs . readFileSync ( obj . sub4 ) `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`[ 'public' , path ] . join ( '/' ) `\|`res . write ( fs . readFileSync ( [ 'public' , path ] . join ( '/' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-array-steps.js:14:29:14:43 | parts.join('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`parts . join ( '/' ) `\|`res . write ( fs . readFileSync ( parts . join ( '/' ) ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param (  module  ) `\|`app . get ( '/some/path' , function ( req , res ) { var m = require ( req . param (  module  ) ) ; } ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param (  gimme  ) `\|`res . sendFile ( req . param (  gimme  ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:10:16:10:33 | req.param("gimme") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param (  gimme  ) `\|`res . sendfile ( req . param (  gimme  ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . param (  dir  ) `\|`res . sendFile ( req . param (  file  ) , { root : req . param (  dir  ) } ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:21:16:21:48 | homeDir ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + '/data/' + req . params . x `\|`res . sendFile ( homeDir + '/data/' + req . params . x ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:22:16:22:37 | 'data/' ... arams.x | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`'data/' + req . params . x `\|`res . sendfile ( 'data/' + req . params . x ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . resolve ( 'data' , req . params . x ) `\|`res . sendFile ( path . resolve ( 'data' , req . params . x ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . join ( 'data' , req . params . x ) `\|`res . sendfile ( path . join ( 'data' , req . params . x ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-sendFile.js:27:16:27:56 | homeDir ... rams.x) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`homeDir + path . join ( 'data' , req . params . x ) `\|`res . sendFile ( homeDir + path . join ( 'data' , req . params . x ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:7:18:7:37 | path.substring(i, j) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( i , j ) `\|`fs . readFileSync ( path . substring ( i , j ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 4 ) `\|`fs . readFileSync ( path . substring ( 4 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substring ( 0 , i ) `\|`fs . readFileSync ( path . substring ( 0 , i ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . substr ( 4 ) `\|`fs . readFileSync ( path . substr ( 4 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:11:18:11:30 | path.slice(4) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . slice ( 4 ) `\|`fs . readFileSync ( path . slice ( 4 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . concat ( unknown ) `\|`fs . readFileSync ( path . concat ( unknown ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( path ) `\|`fs . readFileSync ( unknown . concat ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:15:18:15:46 | unknown ... , path) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`unknown . concat ( unknown , path ) `\|`fs . readFileSync ( unknown . concat ( unknown , path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:17:18:17:28 | path.trim() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . trim ( ) `\|`fs . readFileSync ( path . trim ( ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . toLowerCase ( ) `\|`fs . readFileSync ( path . toLowerCase ( ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:20:18:20:32 | path.split('/') | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) `\|`fs . readFileSync ( path . split ( '/' ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:21:18:21:35 | path.split('/')[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ 0 ] `\|`fs . readFileSync ( path . split ( '/' ) [ 0 ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( '/' ) [ i ] `\|`fs . readFileSync ( path . split ( '/' ) [ i ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( / // ) [ i ] `\|`fs . readFileSync ( path . split ( / // ) [ i ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split (  ?  ) [ 0 ] `\|`fs . readFileSync ( path . split (  ?  ) [ 0 ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:25:18:25:39 | path.sp ... own)[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) [ i ] `\|`fs . readFileSync ( path . split ( unknown ) [ i ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) . whatever `\|`fs . readFileSync ( path . split ( unknown ) . whatever ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:27:18:27:36 | path.split(unknown) | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split ( unknown ) `\|`fs . readFileSync ( path . split ( unknown ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/tainted-string-steps.js:28:18:28:35 | path.split("?")[i] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path . split (  ?  ) [ i ] `\|`fs . readFileSync ( path . split (  ?  ) [ i ] ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/torrents.js:7:25:7:27 | loc | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`loc `\|`return fs . readFileSync ( loc ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:12:29:12:32 | path | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path `\|`res . write ( fs . readFileSync ( path ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:21:39:21:43 | path3 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path3 `\|`path3 &&= res . write ( fs . readFileSync ( path3 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:24:39:24:43 | path4 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path4 `\|`path4 ??= res . write ( fs . readFileSync ( path4 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/typescript.ts:32:29:32:33 | path6 | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`path6 `\|`res . write ( fs . readFileSync ( path6 ) ) ; `\| |
+| TaintedPathAtmConfig | 4 | autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | path injection sink | path injection sink | # Examples of security vulnerability sinks and non-sinks\n\|Dataflow node\|Neighborhood\|Classification\|\n\|---\|---\|---\|\n\|`WPUrls.ajaxurl`\|`            dataType:  json ,            type:  POST ,            url: WPUrls.ajaxurl,            data: data,            complete: function( json ) {`\|non-sink\|\n\|`[ handlebars ]`\|` use strict ;    if (typeof define ===  function  && define.amd) {        define([ handlebars ], function(Handlebars) {            return factory(Handlebars.default Handlebars);        });`\|path injection sink\|\n\|`url`\|`} else {                        var matcher = new RegExp($.map(items.wanikanify_blackList, function(val) { return  ( +val+ ) ;}).join(  ));                        return matcher.test(url);                    }                }`\|non-sink\|\n\|`_.bind(connection.createGame, this, socket)`\|`var connection = module.exports = function (socket) {  socket.on( game:create , _.bind(connection.createGame, this, socket));  socket.on( game:spectate , _.bind(game.spectate, this, socket));  socket.on( register , _.bind(connection.register, this, socket));`\|non-sink\|\n\|`sql`\|`    if (err) throw err;    const sql =  UPDATE customers SET address =  Canyon 123  WHERE address =  Valley 345  ;    con.query(sql, function (err, result) {        if (err) throw err;        console.log(result.affectedRows +   record(s) updated );`\|sql injection sink\|\n\|` <style type= text/css  id= shapely-style-  + sufix +    /> `\|`              if ( ! style.length ) {                style = $(  head  ).append(  <style type= text/css  id= shapely-style-  + sufix +    />  ).find(  #shapely-style-  + sufix );              }`\|xss sink\|\n\|`content`\|`  textBoxEditor(content) {    console.log(content);  }  ngOnInit() {`\|non-sink\|\n\|`imageURL`\|`            <div id =  mypost >                <Link to ={ /post?id=  + postId}>                    <img src={imageURL} alt=  />                    <div className= img_info >                        <div><i className= fas fa-heart ></i> <span id= likes >{this.state.like}</span></div>`\|xss sink\|\n\|`{ roomId }`\|`    }    const game = await Game.findOne({ roomId });    if (!game) {`\|nosql injection sink\|\n\|` SELECT owner, name, program FROM Programs WHERE name =    + data +    `\|`app.get( /getProgram/:nombre , (request, response) => { var data = request.query.nombre; db.each( SELECT owner, name, program FROM Programs WHERE name =    + data +    , function(err, row) {     response.json(row.program); });`\|sql injection sink\|\n\|`listenToServer`\|`                            processCommand(cmd);                        }     setTimeout(listenToServer, 0);                    }                }`\|non-sink\|\n\|`negativeYearString`\|`            return Date.prototype.toJSON                && new Date(NaN).toJSON() === null                && new Date(negativeDate).toJSON().indexOf(negativeYearString) !== -1                && Date.prototype.toJSON.call({ // generic                    toISOString: function () { return true; }`\|non-sink\|\n\|`__dirname`\|`fs  .readdirSync(__dirname)  .filter(function(file) {    return (file.indexOf( . ) !== 0) && (file !== basename);`\|path injection sink\|\n\|`certificateId`\|`app.get( /certificate/data/:id , (req, res) => {  let certificateId = req.params.id;  Certificates.findById(certificateId)    .then(obj => {      if (obj === null)`\|nosql injection sink\|\n\|`{encoding:  utf8 }`\|`function updateChangelog() {  var filename = path.resolve(__dirname,  ../CHANGELOG.md )    , changelog = fs.readFileSync(filename, {encoding:  utf8 })    , entry = new RegExp( ### (  + version +  )(?: \\((.+?)\\))\\n )`\|non-sink\|\n\|`depth`\|` }); const indent =    .repeat(depth); let sep = indent; column_sizes.forEach((size) => {`\|non-sink\|\n\|`req . params [ 0 ] `\|`module . exports = ( req , res ) => res . render ( req . params [ 0 ] ) ;  `\| |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.ql
new file mode 100644
index 00000000000..fc4bcb206b8
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/SurfaceKnownSinks.ql
@@ -0,0 +1,26 @@
+/*
+ * SurfaceKnownSinks.ql
+ *
+ * This test surfaces all the known sinks for each sink type, together with the codex prompt and the prediction codex
+ * returns for each sink. It can be used to determine how well codex reproduces the manual modeling for each sink type.
+ */
+
+private import javascript as JS
+import extraction.NoFeaturizationRestrictionsConfig
+private import experimental.adaptivethreatmodeling.ATMConfig as AtmConfig
+private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
+private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
+private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
+private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.EndpointScoring as EndpointScoring
+
+from
+  AtmConfig::AtmConfig cfg, JS::DataFlow::PathNode sink, string prompt, string prediction,
+  string groundTruth
+where
+  cfg.isKnownSink(sink.getNode()) and
+  EndpointScoring::ModelScoring::internalEnpointScores(sink.getNode(), prediction) and
+  EndpointScoring::ModelScoring::getEndpointPromptForAnyEndpoint(sink.getNode(), prompt) and
+  cfg.getASinkEndpointType().getDescription() = groundTruth
+select cfg, cfg.getASinkEndpointType().getEncoding(), sink.getNode(), groundTruth, prediction,
+  prompt