diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst index 1dfcd0b713b..2a65fbe5dc5 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst 
@@ -204,58 +204,45 @@ data flow solver that can check whether there is (global) data flow from a sourc Optionally, configurations may specify extra data flow edges to be added to the data flow graph, and may also specify `barriers`. Barriers are data flow nodes or edges through which data should not be tracked for the purposes of this analysis. -To define a configuration, extend the class ``DataFlow::Configuration`` as follows: +To define a configuration, add a module that implements the signature ``DataFlow::ConfigSig`` and pass it to ``DataFlow::Global`` as follows: .. code-block:: ql - class MyDataFlowConfiguration extends DataFlow::Configuration { - MyDataFlowConfiguration() { this = "MyDataFlowConfiguration" } + module MyAnalysisConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { /* ... */ } - override predicate isSource(DataFlow::Node source) { /* ... */ } + predicate isSink(DataFlow::Node sink) { /* ... */ } - override predicate isSink(DataFlow::Node sink) { /* ... */ } - - // optional overrides: - override predicate isBarrier(DataFlow::Node nd) { /* ... */ } - override predicate isBarrierEdge(DataFlow::Node pred, DataFlow::Node succ) { /* ... */ } - override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { /* ... */ } + // optional predicates: + predicate isBarrier(DataFlow::Node nd) { /* ... */ } + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { /* ... */ } } -The characteristic predicate ``MyDataFlowConfiguration()`` defines the name of the configuration, so ``"MyDataFlowConfiguration"`` should be replaced by a suitable -name describing your particular analysis configuration. + module MyAnalysisFlow = DataFlow::Global -The data flow analysis is performed using the predicate ``hasFlow(source, sink)``: +The data flow analysis is performed using the predicate ``MyAnalysisFlow::flow(source, sink)``: .. 
code-block:: ql - from MyDataFlowConfiguration dataflow, DataFlow::Node source, DataFlow::Node sink - where dataflow.hasFlow(source, sink) + from DataFlow::Node source, DataFlow::Node sink + where MyAnalysisFlow::flow(source, sink) select source, "Data flow from $@ to $@.", source, source.toString(), sink, sink.toString() Using global taint tracking ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Global taint tracking extends global data flow with additional non-value-preserving steps, such as flow through string-manipulating operations. To use it, simply extend -``TaintTracking::Configuration`` instead of ``DataFlow::Configuration``: +Global taint tracking extends global data flow with additional non-value-preserving steps, such as flow through string-manipulating operations. To use it, simply +use ``TaintTracking::Global<...>`` instead of ``DataFlow::Global<...>``: .. code-block:: ql - class MyTaintTrackingConfiguration extends TaintTracking::Configuration { - MyTaintTrackingConfiguration() { this = "MyTaintTrackingConfiguration" } - - override predicate isSource(DataFlow::Node source) { /* ... */ } - - override predicate isSink(DataFlow::Node sink) { /* ... */ } + module MyAnalysisConfig implements DataFlow::ConfigSig { + /* ... */ } -Analogous to ``isAdditionalFlowStep``, there is a predicate ``isAdditionalTaintStep`` that you can override to specify custom flow steps to consider in the analysis. -Instead of the ``isBarrier`` and ``isBarrierEdge`` predicates, the taint tracking configuration includes ``isSanitizer`` and ``isSanitizerEdge`` predicates that specify -data flow nodes or edges that act as taint sanitizers and hence stop flow from a source to a sink. + module MyAnalysisFlow = TaintTracking::Global -Similar to global data flow, the characteristic predicate ``MyTaintTrackingConfiguration()`` defines the unique name of the configuration, so ``"MyTaintTrackingConfiguration"`` -should be replaced by an appropriate descriptive name. 
- -The taint tracking analysis is again performed using the predicate ``hasFlow(source, sink)``. +The taint tracking analysis is again performed using the predicate ``MyAnalysisFlow::flow(source, sink)``. Examples ~~~~~~~~ @@ -267,20 +254,20 @@ time using global taint tracking. import javascript - class CommandLineFileNameConfiguration extends TaintTracking::Configuration { - CommandLineFileNameConfiguration() { this = "CommandLineFileNameConfiguration" } - - override predicate isSource(DataFlow::Node source) { + module CommandLineFileNameConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { DataFlow::globalVarRef("process").getAPropertyRead("argv").getAPropertyRead() = source } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { DataFlow::moduleMember("fs", "readFile").getACall().getArgument(0) = sink } } - from CommandLineFileNameConfiguration cfg, DataFlow::Node source, DataFlow::Node sink - where cfg.hasFlow(source, sink) + module CommandLineFileNameFlow = TaintTracking::Global; + + from DataFlow::Node source, DataFlow::Node sink + where CommandLineFileNameFlow::flow(source, sink) select source, sink This query will now find flows that involve inter-procedural steps, like in the following example (where the individual steps have been marked with comments 
@@ -325,15 +312,15 @@ with an error if it does not. We could then use that function in ``readFileHelpe } For the purposes of our above analysis, ``checkPath`` is a `sanitizer`: its output is always untainted, even if its input is tainted. To model this -we can add an override of ``isSanitizer`` to our taint-tracking configuration like this: +we can add an ``isBarrier`` predicate to our taint-tracking configuration like this: .. code-block:: ql - class CommandLineFileNameConfiguration extends TaintTracking::Configuration { + module CommandLineFileNameConfig implements DataFlow::ConfigSig { // ... - override predicate isSanitizer(DataFlow::Node nd) { + predicate isBarrier(DataFlow::Node nd) { nd.(DataFlow::CallNode).getCalleeName() = "checkPath" } } 
@@ -359,36 +346,36 @@ Note that ``checkPath`` is now no longer a sanitizer in the sense described abov through ``checkPath`` any more. The flow is, however, `guarded` by ``checkPath`` in the sense that the expression ``checkPath(p)`` has to evaluate to ``true`` (or, more precisely, to a truthy value) in order for the flow to happen. -Such sanitizer guards can be supported by defining a new subclass of ``TaintTracking::SanitizerGuardNode`` and overriding the predicate -``isSanitizerGuard`` in the taint-tracking configuration class to add all instances of this class as sanitizer guards to the configuration. +Such sanitizer guards can be supported by defining a class with a ``blocksExpr`` predicate and using the `DataFlow::MakeBarrierGuard`` module +to implement the ``isBarrier`` predicate. -For our above example, we would begin by defining a subclass of ``SanitizerGuardNode`` that identifies guards of the form ``checkPath(...)``: +For our above example, we would begin by defining a subclass of ``DataFlow::CallNode`` that identifies guards of the form ``checkPath(...)``: .. code-block:: ql - class CheckPathSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class CheckPathSanitizerGuard extends DataFlow::CallNode { CheckPathSanitizerGuard() { this.getCalleeName() = "checkPath" } - override predicate sanitizes(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and - e = getArgument(0).asExpr() + e = this.getArgument(0).asExpr() } } -The characteristic predicate of this class checks that the sanitizer guard is a call to a function named ``checkPath``. The overriding definition -of ``sanitizes`` says such a call sanitizes its first argument (that is, ``getArgument(0)``) if it evaluates to ``true`` (or rather, a truthy +The characteristic predicate of this class checks that the sanitizer guard is a call to a function named ``checkPath``. 
The definition +of ``blocksExpr`` says such a call sanitizes its first argument (that is, ``getArgument(0)``) if it evaluates to ``true`` (or rather, a truthy value). -Now we can override ``isSanitizerGuard`` to add these sanitizer guards to our configuration: +Now we can implement ``isBarrier`` to add this sanitizer guard to our configuration: .. code-block:: ql - class CommandLineFileNameConfiguration extends TaintTracking::Configuration { + module CommandLineFileNameConfig implements DataFlow::ConfigSig { // ... - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) { - nd instanceof CheckPathSanitizerGuard + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } @@ -399,7 +386,7 @@ reach there if ``checkPath(p)`` evaluates to a truthy value. Consequently, there Additional taint steps ~~~~~~~~~~~~~~~~~~~~~~ -Sometimes the default data flow and taint steps provided by ``DataFlow::Configuration`` and ``TaintTracking::Configuration`` are not sufficient +Sometimes the default data flow and taint steps provided by the data flow library are not sufficient and we need to add additional flow or taint steps to our configuration to make it find the expected flow. For example, this can happen because the analyzed program uses a function from an external library whose source code is not available to the analysis, or because it uses a function that is too difficult to analyze. 
@@ -420,20 +407,20 @@ to resolve any symlinks in the path ``p`` before passing it to ``readFile``: Resolving symlinks does not make an unsafe path any safer, so we would still like our query to flag this, but since the standard library does not have a model of ``resolve-symlinks`` it will no longer return any results. -We can fix this quite easily by adding an overriding definition of the ``isAdditionalTaintStep`` predicate to our configuration, introducing an +We can fix this quite easily by adding a definition of the ``isAdditionalFlowStep`` predicate to our configuration, introducing an additional taint step from the first argument of ``resolveSymlinks`` to its result: .. code-block:: ql - class CommandLineFileNameConfiguration extends TaintTracking::Configuration { + module CommandLineFileNameConfig implements DataFlow::ConfigSig { // ... - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(DataFlow::CallNode c | c = DataFlow::moduleImport("resolve-symlinks").getACall() and - pred = c.getArgument(0) and - succ = c + node1 = c.getArgument(0) and + node2 = c ) } } @@ -444,11 +431,11 @@ to wrap it in a new subclass of ``TaintTracking::SharedTaintStep`` like this: .. code-block:: ql class StepThroughResolveSymlinks extends TaintTracking::SharedTaintStep { - override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + override predicate step(DataFlow::Node node1, DataFlow::Node node2) { exists(DataFlow::CallNode c | c = DataFlow::moduleImport("resolve-symlinks").getACall() and - pred = c.getArgument(0) and - succ = c + node1 = c.getArgument(0) and + node2 = c ) } } 
@@ -494,18 +481,18 @@ Exercise 2 import javascript - class HardCodedTagNameConfiguration extends DataFlow::Configuration { - HardCodedTagNameConfiguration() { this = "HardCodedTagNameConfiguration" } + module HardCodedTagNameConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr() instanceof ConstantString } - override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof ConstantString } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = DataFlow::globalVarRef("document").getAMethodCall("createElement").getArgument(0) } } - from HardCodedTagNameConfiguration cfg, DataFlow::Node source, DataFlow::Node sink - where cfg.hasFlow(source, sink) + module HardCodedTagNameFlow = DataFlow::Global; + + from DataFlow::Node source, DataFlow::Node sink + where HardCodedTagNameFlow::flow(source, sink) select source, sink Exercise 3 @@ -540,18 +527,18 @@ Exercise 4 } } - class HardCodedTagNameConfiguration extends DataFlow::Configuration { - HardCodedTagNameConfiguration() { this = "HardCodedTagNameConfiguration" } + module HardCodedTagNameConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ArrayEntryCallResult } - override predicate isSource(DataFlow::Node source) { source instanceof ArrayEntryCallResult } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = DataFlow::globalVarRef("document").getAMethodCall("createElement").getArgument(0) } } - from HardCodedTagNameConfiguration cfg, DataFlow::Node source, DataFlow::Node sink - where cfg.hasFlow(source, sink) + module HardCodedTagNameFlow = DataFlow::Global; + + from DataFlow::Node source, DataFlow::Node sink + where HardCodedTagNameFlow::flow(source, sink) select source, sink Further reading 
diff --git a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst index 35df0b91752..141acb915b7 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-javascript.rst @@ -18,6 +18,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs data-flow-cheat-sheet-for-javascript customizing-library-models-for-javascript + migrating-javascript-dataflow-queries - :doc:`Basic query for JavaScript and TypeScript code `: Learn to write and run a simple CodeQL query. @@ -37,4 +38,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Data flow cheat sheet for JavaScript `: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries. -- :doc:`Customizing library models for JavaScript `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. +- :doc:`Customizing library models for JavaScript `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. + +- :doc:`Migrating JavaScript dataflow queries `: Guide on migrating data flow queries to the new data flow library. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst index 6742dfa8e76..aeaf68aeee4 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst 
@@ -700,19 +700,16 @@ The data flow graph-based analyses described so far are all intraprocedural: the We distinguish here between data flow proper, and *taint tracking*: the latter not only considers value-preserving flow (such as from variable definitions to uses), but also cases where one value influences ("taints") another without determining it entirely. For example, in the assignment ``s2 = s1.substring(i)``, the value of ``s1`` influences the value of ``s2``, because ``s2`` is assigned a substring of ``s1``. In general, ``s2`` will not be assigned ``s1`` itself, so there is no data flow from ``s1`` to ``s2``, but ``s1`` still taints ``s2``. -It is a common pattern that we wish to specify data flow or taint analysis in terms of its *sources* (where flow starts), *sinks* (where it should be tracked), and *barriers* or *sanitizers* (where flow is interrupted). Sanitizers they are very common in security analyses: for example, an analysis that tracks the flow of untrusted user input into, say, a SQL query has to keep track of code that validates the input, thereby making it safe to use. Such a validation step is an example of a sanitizer. +It is a common pattern that we wish to specify data flow or taint analysis in terms of its *sources* (where flow starts), *sinks* (where it should be tracked), and *barriers* (also called *sanitizers*) where flow is interrupted. Sanitizers they are very common in security analyses: for example, an analysis that tracks the flow of untrusted user input into, say, a SQL query has to keep track of code that validates the input, thereby making it safe to use. Such a validation step is an example of a sanitizer. 
-The classes ``DataFlow::Configuration`` and ``TaintTracking::Configuration`` allow specifying a data flow or taint analysis, respectively, by overriding the following predicates: +A module implementing the signature `DataFlow::ConfigSig` may specify a data flow or taint analysis by implementing the following predicates: - ``isSource(DataFlow::Node nd)`` selects all nodes ``nd`` from where flow tracking starts. - ``isSink(DataFlow::Node nd)`` selects all nodes ``nd`` to which the flow is tracked. -- ``isBarrier(DataFlow::Node nd)`` selects all nodes ``nd`` that act as a barrier for data flow; ``isSanitizer`` is the corresponding predicate for taint tracking configurations. -- ``isBarrierEdge(DataFlow::Node src, DataFlow::Node trg)`` is a variant of ``isBarrier(nd)`` that allows specifying barrier *edges* in addition to barrier nodes; again, ``isSanitizerEdge`` is the corresponding predicate for taint tracking; -- ``isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg)`` allows specifying custom additional flow steps for this analysis; ``isAdditionalTaintStep`` is the corresponding predicate for taint tracking configurations. +- ``isBarrier(DataFlow::Node nd)`` selects all nodes ``nd`` that act as a barrier/sanitizer for data flow. +- ``isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg)`` allows specifying custom additional flow steps for this analysis. -Since for technical reasons both ``Configuration`` classes are subtypes of ``string``, you have to choose a unique name for each flow configuration and equate ``this`` with it in the characteristic predicate (as in the example below). - -The predicate ``Configuration.hasFlow`` performs the actual flow tracking, starting at a source and looking for flow to a sink that does not pass through a barrier node or edge. +Such a module can be passed to ``DataFlow::Global<...>``. 
This will produce a module with a ``flow`` predicate that performs the actual flow tracking, starting at a source and looking for flow to a sink that does not pass through a barrier node. For example, suppose that we are developing an analysis to find hard-coded passwords. We might write a simple query that looks for string constants flowing into variables named ``"password"``. @@ -720,35 +717,27 @@ For example, suppose that we are developing an analysis to find hard-coded passw import javascript - class PasswordTracker extends DataFlow::Configuration { - PasswordTracker() { - // unique identifier for this configuration - this = "PasswordTracker" - } + module PasswordConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node nd) { nd.asExpr() instanceof StringLiteral } - override predicate isSource(DataFlow::Node nd) { - nd.asExpr() instanceof StringLiteral - } - - override predicate isSink(DataFlow::Node nd) { - passwordVarAssign(_, nd) - } - - predicate passwordVarAssign(Variable v, DataFlow::Node nd) { - v.getAnAssignedExpr() = nd.asExpr() and - v.getName().toLowerCase() = "password" - } + predicate isSink(DataFlow::Node nd) { passwordVarAssign(_, nd) } } -Now we can rephrase our query to use ``Configuration.hasFlow``: + predicate passwordVarAssign(Variable v, DataFlow::Node nd) { + v.getAnAssignedExpr() = nd.asExpr() and + v.getName().toLowerCase() = "password" + } + + module PasswordFlow = DataFlow::Global; + +Now we can rephrase our query to use ``PasswordFlow::flow``: .. code-block:: ql - from PasswordTracker pt, DataFlow::Node source, DataFlow::Node sink, Variable v - where pt.hasFlow(source, sink) and pt.passwordVarAssign(v, sink) + from DataFlow::Node source, DataFlow::Node sink, Variable v + where PasswordFlow::flow(_, sink) and passwordVarAssign(v, sink) select sink, "Password variable " + v + " is assigned a constant string." - Syntax errors ~~~~~~~~~~~~~ 
diff --git a/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst b/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst index 60d66ba1644..9ac89996d40 100644 --- a/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst @@ -16,18 +16,17 @@ Use the following template to create a taint tracking path query: * @kind path-problem */ import javascript - import DataFlow - import DataFlow::PathGraph - class MyConfig extends TaintTracking::Configuration { - MyConfig() { this = "MyConfig" } - override predicate isSource(Node node) { ... } - override predicate isSink(Node node) { ... } - override predicate isAdditionalTaintStep(Node pred, Node succ) { ... } + module MyConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { ... } + predicate isSink(DataFlow::Node node) { ... } + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { ... } } - from MyConfig cfg, PathNode source, PathNode sink - where cfg.hasFlowPath(source, sink) + module MyFlow = TaintTracking::Global; + + from MyFlow::PathNode source, MyFlow::PathNode sink + where MyFlow::flowPath(source, sink) select sink.getNode(), source, sink, "taint from $@.", source.getNode(), "here" This query reports flow paths which: diff --git a/docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst b/docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst new file mode 100644 index 00000000000..e531695d9c0 --- /dev/null +++ b/docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst 
@@ -0,0 +1,301 @@ +.. _migrating-javascript-dataflow-queries: + +Migrating JavaScript Dataflow Queries +===================================== + +The JavaScript analysis used to have its own data flow library, which differed from the shared data flow +library used by other languages. This library has now been deprecated in favor of the shared library. + +This article explains how to migrate JavaScript data flow queries to use the shared data flow library, +and some important differences to be aware of. Note that the article on :ref:`analyzing data flow in JavaScript and TypeScript ` +provides a general guide to the new data flow library, whereas this article aims to help with migrating existing queries from the old data flow library. + +Note that the ``DataFlow::Configuration`` class is still backed by the original data flow library, but has been marked as deprecated. +This means data flow queries using this class will continue to work, albeit with deprecation warnings, until the 1-year deprecation period expires in early 2026. +It is recommended that all custom queries are migrated before this time, to ensure they continue to work in the future. + +Data flow queries should be migrated to use ``DataFlow::ConfigSig``-style modules instead of the ``DataFlow::Configuration`` class. +This is identical to the interface found in other languages. +When making this switch, the query will become backed by the shared data flow library instead. That is, data flow queries will only work +with the shared data flow library when they have been migrated to ``ConfigSig``-style, as shown in the following table: + +.. 
list-table:: Data flow libraries + :widths: 20 80 + :header-rows: 1 + + * - API + - Implementation + * - ``DataFlow::Configuration`` + - Old library (deprecated, to be removed in early 2026) + * - ``DataFlow::ConfigSig`` + - Shared library + +A straightforward translation to ``DataFlow::ConfigSig``-style is usually possible, although there are some complications +that may cause the query to behave differently. +We'll first cover some straightforward migration examples, and then go over some of the complications that may arise. + +Simple migration example +------------------------ + +A simple example of a query using the old data flow library is shown below: + +.. code-block:: ql + + /** @kind path-problem */ + import javascript + import DataFlow::PathGraph + + class MyConfig extends DataFlow::Configuration { + MyConfig() { this = "MyConfig" } + + override predicate isSource(DataFlow::Node node) { ... } + + override predicate isSink(DataFlow::Node node) { ... } + } + + from MyConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink + where cfg.hasFlowPath(source, sink) + select sink, source, sink, "Flow found" + +With the new style this would look like this: + +.. code-block:: ql + + /** @kind path-problem */ + import javascript + + module MyConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { ... } + + predicate isSink(DataFlow::Node node) { ... } + } + + module MyFlow = DataFlow::Global; + + import MyFlow::PathGraph + + from MyFlow::PathNode source, MyFlow::PathNode sink + where MyFlow::flowPath(source, sink) + select sink, source, sink, "Flow found" + +The changes can be summarized as: + +- The ``DataFlow::Configuration`` class was replaced with a module implementing ``DataFlow::ConfigSig``. +- The characteristic predicate was removed (modules have no characteristic predicates). +- Predicates such as ``isSource`` no longer have the ``override`` keyword (as they are defined in a module now). 
+- The configuration module is being passed to ``DataFlow::Global``, resulting in a new module, called ``MyFlow`` in this example. +- The query imports ``MyFlow::PathGraph`` instead of ``DataFlow::PathGraph``. +- The ``MyConfig cfg`` variable was removed from the ``from`` clause. +- The ``hasFlowPath`` call was replaced with ``MyFlow::flowPath``. +- The type ``DataFlow::PathNode`` was replaced with ``MyFlow::PathNode``. + +With these changes, we have produced an equivalent query that is backed by the new data flow library. + +Taint tracking +-------------- + +For configuration classes extending ``TaintTracking::Configuration``, the migration is similar but with a few differences: + +- The ``TaintTracking::Global`` module should be used instead of ``DataFlow::Global``. +- Some predicates originating from ``TaintTracking::Configuration`` should be renamed to match the ``DataFlow::ConfigSig`` interface: + - ``isSanitizer`` should be renamed to ``isBarrier``. + - ``isAdditionalTaintStep`` should be renamed to ``isAdditionalFlowStep``. + +Note that there is no such thing as ``TaintTracking::ConfigSig``. The ``DataFlow::ConfigSig`` interface is used for both data flow and taint tracking. + +For example: + +.. code-block:: ql + + class MyConfig extends TaintTracking::Configuration { + MyConfig() { this = "MyConfig" } + + predicate isSanitizer(DataFlow::Node node) { ... } + predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { ... } + ... + } + +The above configuration can be migrated to the shared data flow library as follows: + +.. code-block:: ql + + module MyConfig implements DataFlow::ConfigSig { + predicate isBarrier(DataFlow::Node node) { ... } + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { ... } + ... + } + + module MyFlow = TaintTracking::Global; + + +Flow labels and flow states +--------------------------- + +The ``DataFlow::FlowLabel`` class has been deprecated. 
Queries that relied on flow labels should use the new `flow state` concept instead. +This is done by implementing ``DataFlow::StateConfigSig`` instead of ``DataFlow::ConfigSig``, and passing the module to ``DataFlow::GlobalWithState`` +or ``TaintTracking::GlobalWithState``. See :ref:`using flow state ` for more details about flow state. + +Some changes to be aware of: + +- The 4-argument version of ``isAdditionalFlowStep`` now takes parameters in a different order. + It now takes ``node1, state1, node2, state2`` instead of ``node1, node2, state1, state2``. +- Taint steps apply to all flow states, not just the ``taint`` flow label. See more details further down in this article. + +Barrier guards +-------------- + +The predicates ``isBarrierGuard`` and ``isSanitizerGuard`` have been removed. + +Instead, the ``isBarrier`` predicate must be used to define all barriers. To do this, barrier guards can be reduced to a set of barrier nodes using the ``DataFlow::MakeBarrierGuard`` module. + +For example, consider this data flow configuration using a barrier guard: + +.. code-block:: ql + + class MyConfig extends DataFlow::Configuration { + override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + node instanceof MyBarrierGuard + } + .. + } + + class MyBarrierGuard extends DataFlow::BarrierGuardNode { + MyBarrierGuard() { ... } + + override predicate blocks(Expr e, boolean outcome) { ... } + } + +This can be migrated to the shared data flow library as follows: + +.. code-block:: ql + + module MyConfig implements DataFlow::ConfigSig { + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + .. + } + + class MyBarrierGuard extends DataFlow::Node { + MyBarrierGuard() { ... } + + predicate blocksExpr(Expr e, boolean outcome) { ... } + } + +The changes can be summarized as: +- The contents of ``isBarrierGuard`` have been moved to ``isBarrier``. 
+- The ``node instanceof MyBarrierGuard`` check was replaced with ``node = DataFlow::MakeBarrierGuard::getABarrierNode()``. +- The ``MyBarrierGuard`` class no longer has ``DataFlow::BarrierGuardNode`` as a base class. We simply use ``DataFlow::Node`` instead. +- The ``blocks`` predicate has been renamed to ``blocksExpr`` and no longer has the ``override`` keyword. + +See :ref:`using flow state ` for examples of how to use barrier guards with flow state. + +Query-specific load and store steps +----------------------------------- + +The predicates ``isAdditionalLoadStep``, ``isAdditionalStoreStep``, and ``isAdditionalLoadStoreStep`` have been removed. There is no way to emulate the original behavior. + +Library models can still contribute such steps, but they will be applicable to all queries. Also see the section on jump steps further down. + +Changes in behavior +-------------------- + +When the query has been migrated to the new interface, it may seem to behave differently due to some technical differences in the internals of +the two data flow libraries. The most significant changes are described below. + +Taint steps now propagate all flow states +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +There's an important change from the old data flow library when using flow state and taint-tracking together. + +When using ``TaintTracking::GlobalWithState``, all flow states can propagate along taint steps. +In the old data flow library, only the ``taint`` flow label could propagate along taint steps. +A straightforward translation of such a query may therefore result in new flow paths being found, which might be unexpected. + +To emulate the old behavior, use ``DataFlow::GlobalWithState`` instead of ``TaintTracking::GlobalWithState``, +and manually add taint steps using ``isAdditionalFlowStep``. The predicate ``TaintTracking::defaultTaintStep`` can be used to access to the set of taint steps. + +For example: + +.. 
code-block:: ql + + module MyConfig implements DataFlow::StateConfigSig { + class FlowState extends string { + FlowState() { this = ["taint", "foo"] } + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2) { + // Allow taint steps to propagate the "taint" flow state + TaintTracking::defaultTaintStep(node1, node2) and + state1 = "taint" and + state2 = state + } + + ... + } + + module MyFlow = DataFlow::GlobalWithState; + + +Jump steps across function boundaries +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When a flow step crosses a function boundary, that is, it starts and ends in two different functions, it will now be classified as a "jump" step. + +Jump steps can be problematic in some cases. Roughly speaking, the data flow library will "forget" which call site it came from when following a jump step. +This can lead to spurious flow paths that go into a function through one call site, and back out of a different call site. + +If the step was generated by a library model, that is, the step is applicable to all queries, this is best mitigated by converting the step to a flow summary. +For example, the following library model adds a taint step from ``x`` to ``y`` in ``foo.bar(x, y => {})``: + +.. code-block:: ql + + class MyStep extends TaintTracking::SharedTaintStep { + override predicate step(DataFlow::Node node1, DataFlow::Node node2) { + exists(DataFlow::CallNode call | + call = DataFlow::moduleMember("foo", "bar").getACall() and + node1 = call.getArgument(0) and + node2 = call.getCallback(1).getParameter(0) + ) + } + } + +Because this step crosses a function boundary, it becomes a jump step. This can be avoided by converting it to a flow summary as follows: + +.. 
code-block:: ql + + class MySummary extends DataFlow::SummarizedCallable { + MySummary() { this = "MySummary" } + + override DataFlow::CallNode getACall() { result = DataFlow::moduleMember("foo", "bar").getACall() } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + input = "Argument[this]" and + output = "Argument[1].Parameter[0]" and + preservesValue = false // taint step + } + } + +See :ref:`customizing library models for JavaScript ` for details about the format of the ``input`` and ``output`` strings. +The aforementioned article also provides guidance on how to store the flow summary in a data extension. + +For query-specific steps that cross function boundaries, that is, steps added with ``isAdditionalFlowStep``, there is currently no way to emulate the original behavior. +A possible workaround is to convert the query-specific step to a flow summary. In this case it should be stored in a data extension to avoid performance issues, although this also means +that all other queries will be able to use the flow summary. + +Barriers block all flows +~~~~~~~~~~~~~~~~~~~~~~~~ + +In the shared data flow library, a barrier blocks all flows, even if the tracked value is inside a content. + +In the old data flow library, only barriers specific to the ``data`` flow label blocked flows when the tracked value was inside a content. + +This rarely has significant impact, but some users may observe some result changes because of this. + +There is currently no way to emulate the original behavior. + +Further reading +--------------- + +- :ref:`Analyzing data flow in JavaScript and TypeScript ` provides a general guide to the new data flow library. +- :ref:`Using flow state for precise data flow analysis ` provides a general guide on using flow state. 
diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 8e5d3c4285b..e85132bf3d9 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -1,9 +1,9 @@ .. _using-flow-labels-for-precise-data-flow-analysis: -Using flow labels for precise data flow analysis +Using flow state for precise data flow analysis ================================================ -You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities. +You can associate a flow state with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities. Overview -------- @@ -16,9 +16,9 @@ program, and associates a flag with every data value telling us whether it might source node. In some cases, you may want to track more detailed information about data values. This can be done -by associating flow labels with data values, as shown in this tutorial. We will first discuss the -general idea behind flow labels and then show how to use them in practice. Finally, we will give an -overview of the API involved and provide some pointers to standard queries that use flow labels. +by associating flow states with data values, as shown in this tutorial. We will first discuss the +general idea behind flow states and then show how to use them in practice. Finally, we will give an +overview of the API involved and provide some pointers to standard queries that use flow states. Limitations of basic data-flow analysis --------------------------------------- 
@@ -47,22 +47,21 @@ contain ``..`` components. Untrusted user input has both bits set initially, ind off individual bits, and if a value that has at least one bit set is interpreted as a path, a potential vulnerability is flagged. -Using flow labels +Using flow states ----------------- -You can handle these cases and others like them by associating a set of `flow labels` (sometimes -also referred to as `taint kinds`) with each value being tracked by the analysis. Value-preserving +You can handle these cases and others like them by associating a set of `flow states` (sometimes +also referred to as `flow labels` or `taint kinds`) with each value being tracked by the analysis. Value-preserving data-flow steps (such as flow steps from writes to a variable to its reads) preserve the set of flow -labels, but other steps may add or remove flow labels. Sanitizers, in particular, are simply flow -steps that remove some or all flow labels. The initial set of flow labels for a value is determined +states, but other steps may add or remove flow states. The initial set of flow states for a value is determined by the source node that gives rise to it. Similarly, sink nodes can specify that an incoming value -needs to have a certain flow label (or one of a set of flow labels) in order for the flow to be +needs to have a certain flow state (or one of a set of flow states) in order for the flow to be flagged as a potential vulnerability. Example ------- -As an example of using flow labels, we will show how to write a query that flags property accesses +As an example of using flow state, we will show how to write a query that flags property accesses on JSON values that come from user-controlled input where we have not checked whether the value is ``null``, so that the property access may cause a runtime exception. 
@@ -88,8 +87,8 @@ This code, on the other hand, should not be flagged: } } -We will first try to write a query to find this kind of problem without flow labels, and use the -difficulties we encounter as a motivation for bringing flow labels into play, which will make the +We will first try to write a query to find this kind of problem without flow state, and use the +difficulties we encounter as a motivation for bringing flow state into play, which will make the query much easier to implement. To get started, let's write a query that simply flags any flow from ``JSON.parse`` into the base of @@ -99,24 +98,24 @@ a property access: import javascript - class JsonTrackingConfig extends DataFlow::Configuration { - JsonTrackingConfig() { this = "JsonTrackingConfig" } - - override predicate isSource(DataFlow::Node nd) { + module JsonTrackingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node nd) { exists(JsonParserCall jpc | nd = jpc.getOutput() ) } - override predicate isSink(DataFlow::Node nd) { + predicate isSink(DataFlow::Node nd) { exists(DataFlow::PropRef pr | nd = pr.getBase() ) } } - from JsonTrackingConfig cfg, DataFlow::Node source, DataFlow::Node sink - where cfg.hasFlow(source, sink) + module JsonTrackingFlow = DataFlow::Global; + + from DataFlow::Node source, DataFlow::Node sink + where JsonTrackingFlow::flow(source, sink) select sink, "Property access on JSON value originating $@.", source, "here" Note that we use the ``JsonParserCall`` class from the standard library to model various JSON 
@@ -127,8 +126,7 @@ introduced any sanitizers yet. There are many ways of checking for nullness directly or indirectly. Since this is not the main focus of this tutorial, we will only show how to model one specific case: if some variable ``v`` is -known to be truthy, it cannot be ``null``. This kind of condition is easily expressed using a -``BarrierGuardNode`` (or its counterpart ``SanitizerGuardNode`` for taint-tracking configurations). +known to be truthy, it cannot be ``null``. This kind of condition is expressed using a "barrier guard". A barrier guard node is a data-flow node ``b`` that blocks flow through some other node ``nd``, provided that some condition checked at ``b`` is known to hold, that is, evaluate to a truthy value. 
@@ -139,29 +137,29 @@ is a barrier guard blocking flow through the use of ``data`` on the right-hand s At this point we know that ``data`` has evaluated to a truthy value, so it cannot be ``null`` anymore. -Implementing this additional condition is easy. We implement a subclass of ``DataFlow::BarrierGuardNode``: +Implementing this additional condition is easy. We implement a class with a predicate called ``blocksExpr``: .. code-block:: ql - class TruthinessCheck extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { + class TruthinessCheck extends DataFlow::ValueNode { SsaVariable v; TruthinessCheck() { astNode = v.getAUse() } - override predicate blocks(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = astNode } } -and then use it to override predicate ``isBarrierGuard`` in our configuration class: +and then use it to implement the predicate ``isBarrier`` in our configuration module: .. code-block:: ql - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TruthinessCheck + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } With this change, we now flag the problematic case and don't flag the unproblematic case above. @@ -182,11 +180,11 @@ checked for null-guardedness: } } -We could try to remedy the situation by overriding ``isAdditionalFlowStep`` in our configuration class to track values through property reads: +We could try to remedy the situation by adding ``isAdditionalFlowStep`` in our configuration module to track values through property reads: .. code-block:: ql - override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { succ.(DataFlow::PropRead).getBase() = pred } 
@@ -199,79 +197,86 @@ altogether, it should simply record the fact that ``root`` itself is known to be Any property read from ``root``, on the other hand, may well be null and needs to be checked separately. -We can achieve this by introducing two different flow labels, ``json`` and ``maybe-null``. The former +We can achieve this by introducing two different flow states, ``json`` and ``maybe-null``. The former means that the value we are dealing with comes from a JSON object, the latter that it may be -``null``. The result of any call to ``JSON.parse`` has both labels. A property read from a value -with label ``json`` also has both labels. Checking truthiness removes the ``maybe-null`` label. -Accessing a property on a value that has the ``maybe-null`` label should be flagged. +``null``. The result of any call to ``JSON.parse`` has both states. A property read from a value +with state ``json`` also results in a value with both states. Checking truthiness removes the ``maybe-null`` state. +Accessing a property on a value that has the ``maybe-null`` state should be flagged. -To implement this, we start by defining two new subclasses of the class ``DataFlow::FlowLabel``: +To implement this, we first change the signature of our configuration module to ``DataFlow::StateConfigSig``, and +replace ``DataFlow::Global<...>`` with ``DataFlow::GlobalWithState<...>``: .. code-block:: ql - class JsonLabel extends DataFlow::FlowLabel { - JsonLabel() { - this = "json" - } + module JsonTrackingConfig implements DataFlow::StateConfigSig { + /* ... */ } - class MaybeNullLabel extends DataFlow::FlowLabel { - MaybeNullLabel() { - this = "maybe-null" - } - } + module JsonTrackingFlow = DataFlow::GlobalWithState; -Then we extend our ``isSource`` predicate from above to track flow labels by overriding the two-argument version instead of the one-argument version: +We then add a class called ``FlowState`` which has one value for each flow state: .. 
code-block:: ql - override predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + module JsonTrackingConfig implements DataFlow::StateConfigSig { + class FlowState extends string { + FlowState() { + this = ["json", "maybe-null"] + } + } + + /* ... */ + } + +Then we extend our ``isSource`` predicate with an additional parameter to specify the flow state: + +.. code-block:: ql + + predicate isSource(DataFlow::Node nd, FlowState state) { exists(JsonParserCall jpc | nd = jpc.getOutput() and - (lbl instanceof JsonLabel or lbl instanceof MaybeNullLabel) + state = ["json", "maybe-null"] // start in either state ) } -Similarly, we make ``isSink`` flow-label aware and require the base of the property read to have the ``maybe-null`` label: +Similarly, we update ``isSink`` and require the base of the property read to have the ``maybe-null`` state: .. code-block:: ql - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node nd, FlowState state) { exists(DataFlow::PropRef pr | nd = pr.getBase() and - lbl instanceof MaybeNullLabel + state = "maybe-null" ) } -Our overriding definition of ``isAdditionalFlowStep`` now needs to specify two flow labels, a -predecessor label ``predlbl`` and a successor label ``succlbl``. In addition to specifying flow from -the predecessor node ``pred`` to the successor node ``succ``, it requires that ``pred`` has label -``predlbl``, and adds label ``succlbl`` to ``succ``. In our case, we use this to add both the -``json`` label and the ``maybe-null`` label to any property read from a value labeled with ``json`` -(no matter whether it has the ``maybe-null`` label): +Our definition of ``isAdditionalFlowStep`` now needs to specify two flow states, a +predecessor state ``predState`` and a successor state ``succState``. 
In addition to specifying flow from +the predecessor node ``pred`` to the successor node ``succ``, it requires that ``pred`` has state +``predState``, and adds state ``succState`` to ``succ``. In our case, we use this to add both the +``json`` state and the ``maybe-null`` state to any property read from a value in the ``json`` state +(no matter whether it has the ``maybe-null`` state): .. code-block:: ql - override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ, - DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) { + predicate isAdditionalFlowStep(DataFlow::Node pred, FlowState predState, + DataFlow::Node succ, FlowState succState) { succ.(DataFlow::PropRead).getBase() = pred and - predlbl instanceof JsonLabel and - (succlbl instanceof JsonLabel or succlbl instanceof MaybeNullLabel) + predState = "json" and + succState = ["json", "maybe-null"] } -Finally, we turn ``TruthinessCheck`` from a ``BarrierGuardNode`` into a ``LabeledBarrierGuardNode``, -specifying that it only removes the ``maybe-null`` label (but not the ``json`` label) from the -sanitized value: +Finally, we add an additional parameter to the ``isBarrier`` predicate to specify the flow state +to block at the ``TruthinessCheck`` barrier. .. code-block:: ql - class TruthinessCheck extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { - ... + module JsonTrackingConfig implements DataFlow::StateConfigSig { + /* ... */ - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { - outcome = true and - e = astNode and - lbl instanceof MaybeNullLabel + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() and + state = "maybe-null" } } 
@@ -283,66 +288,60 @@ step by step in the UI: /** @kind path-problem */ import javascript - import DataFlow::PathGraph - class JsonLabel extends DataFlow::FlowLabel { - JsonLabel() { - this = "json" - } - } - - class MaybeNullLabel extends DataFlow::FlowLabel { - MaybeNullLabel() { - this = "maybe-null" - } - } - - class TruthinessCheck extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { + class TruthinessCheck extends DataFlow::ValueNode { SsaVariable v; TruthinessCheck() { astNode = v.getAUse() } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + predicate blocksExpr(boolean outcome, Expr e, JsonTrackingConfig::FlowState state) { outcome = true and e = astNode and - lbl instanceof MaybeNullLabel + state = "maybe-null" } } - class JsonTrackingConfig extends DataFlow::Configuration { - JsonTrackingConfig() { this = "JsonTrackingConfig" } + module JsonTrackingConfig implements DataFlow::StateConfigSig { + class FlowState extends string { + FlowState() { + this = ["json", "maybe-null"] + } + } - override predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node nd, FlowState state) { exists(JsonParserCall jpc | nd = jpc.getOutput() and - (lbl instanceof JsonLabel or lbl instanceof MaybeNullLabel) + state = ["json", "maybe-null"] // start in either state ) } - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node nd, FlowState state) { exists(DataFlow::PropRef pr | nd = pr.getBase() and - lbl instanceof MaybeNullLabel + state = "maybe-null" ) } - override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ, - DataFlow::FlowLabel predlbl, DataFlow::FlowLabel succlbl) { + predicate isAdditionalFlowStep(DataFlow::Node pred, FlowState predState, + DataFlow::Node succ, FlowState succState) { succ.(DataFlow::PropRead).getBase() = pred and - predlbl instanceof JsonLabel and - (succlbl instanceof JsonLabel or succlbl 
instanceof MaybeNullLabel) + predState = "json" and + succState = ["json", "maybe-null"] } - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TruthinessCheck + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() and + state = "maybe-null" } } - from JsonTrackingConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink - where cfg.hasFlowPath(source, sink) - select sink, source, sink, "Property access on JSON value originating $@.", source, "here" + module JsonTrackingFlow = DataFlow::GlobalWithState; + + from DataFlow::Node source, DataFlow::Node sink + where JsonTrackingFlow::flow(source, sink) + select sink, "Property access on JSON value originating $@.", source, "here" We ran this query on the https://github.com/finos/plexus-interop repository. Many of the results were false positives since the query does not currently model many ways in which we can check 
@@ -354,52 +353,30 @@ this tutorial. API --- -Plain data-flow configurations implicitly use a single flow label "data", which indicates that a -data value originated from a source. You can use the predicate ``DataFlow::FlowLabel::data()``, -which returns this flow label, as a symbolic name for it. +Flow state can be used in modules implementing the ``DataFlow::StateConfigSig`` signature. Compared to a ``DataFlow::ConfigSig`` the main differences are: -Taint-tracking configurations add a second flow label "taint" (``DataFlow::FlowLabel::taint()``), -which is similar to "data", but includes values that have passed through non-value preserving steps -such as string operations. +- The module must be passed to ``DataFlow::GlobalWithState<...>`` or ``TaintTracking::GlobalWithState<...>``. + instead of ``DataFlow::Global<...>`` or ``TaintTracking::Global<...>``. +- The module must contain a type named ``FlowState``. +- ``isSource`` expects an additional parameter specifying the flow state. +- ``isSink`` optionally can take an additional parameter specifying the flow state. + If omitted, the sinks are in effect for all flow states. +- ``isAdditionalFlowStep`` optionally can take two additional parameters specifying the predecessor and successor flow states. + If omitted, the generated steps apply for any flow state and preserve the current flow state. +- ``isBarrier`` optionally can take an additional parameter specifying the flow state to block. + If omitted, the barriers block all flow states. -Each of the three member predicates ``isSource``, ``isSink`` and -``isAdditionalFlowStep``/``isAdditionalTaintStep`` has one version that uses the default flow -labels, and one version that allows specifying custom flow labels through additional arguments. - -For ``isSource``, there is one additional argument specifying which flow label(s) should be -associated with values originating from this source. 
If multiple flow labels are specified, each -value is associated with `all` of them. - -For ``isSink``, the additional argument specifies which flow label(s) a value that flows into this -source may be associated with. If multiple flow labels are specified, then any value that is -associated with `at least one` of them will be considered by the configuration. - -For ``isAdditionalFlowStep`` there are two additional arguments ``predlbl`` and ``succlbl``, which -allow flow steps to act as flow label transformers. If a value associated with ``predlbl`` arrives -at the start node of the additional step, it is propagated to the end node and associated with -``succlbl``. Of course, ``predlbl`` and ``succlbl`` may be the same, indicating that the flow step -preserves this label. There can also be multiple values of ``succlbl`` for a single ``predlbl`` or -vice versa. - -Note that if you do not restrict ``succlbl`` then it will be allowed to range over all flow labels. -This may cause labels that were previously blocked on a path to reappear, which is not usually what -you want. - -The flow label-aware version of ``isBarrier`` is called ``isLabeledBarrier``: unlike ``isBarrier``, -which prevents any flow past the given node, it only blocks flow of values associated with one of -the specified flow labels. - -Standard queries using flow labels +Standard queries using flow state ---------------------------------- -Some of our standard security queries use flow labels. You can look at their implementation -to get a feeling for how to use flow labels in practice. +Some of our standard security queries use flow state. You can look at their implementation +to get a feeling for how to use flow state in practice. In particular, both of the examples mentioned in the section on limitations of basic data flow above -are from standard security queries that use flow labels. 
The `Prototype-polluting merge call -`_ query uses two flow labels to distinguish completely +are from standard security queries that use flow state. The `Prototype-polluting merge call +`_ query uses two flow states to distinguish completely tainted objects from partially tainted objects. The `Uncontrolled data used in path expression -`_ query uses four flow labels to track whether a user-controlled +`_ query uses four flow states to track whether a user-controlled string may be an absolute path and whether it may contain ``..`` components. Further reading diff --git a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql index 322cccd5d2b..ac8d7206c66 100644 --- a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql +++ b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql 
@@ -9,42 +9,42 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A taint-tracking configuration that tracks user-controlled values into a 'userId' property sent to a backend service. */ -class IdorTaint extends TaintTracking::Configuration { - IdorTaint() { this = "IdorTaint" } +module IdorTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } + predicate isSink(DataFlow::Node node) { exists(ClientRequest req | node = req.getADataNode()) } - override predicate isSink(Node node) { exists(ClientRequest req | node = req.getADataNode()) } - - override predicate isAdditionalTaintStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // Step from x -> { userId: x } - succ.(SourceNode).getAPropertyWrite("userId").getRhs() = pred + node2.(DataFlow::SourceNode).getAPropertyWrite("userId").getRhs() = node1 } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + predicate isBarrier(DataFlow::Node node) { // After a check like `if (userId === session.user.id)`, the userId is considered safe. - node instanceof EqualityGuard + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } /** * A sanitizer for values that have successfully been compared to another value. 
*/ -class EqualityGuard extends TaintTracking::SanitizerGuardNode, ValueNode { +class EqualityGuard extends DataFlow::ValueNode { override EqualityTest astNode; - override predicate sanitizes(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity() } } -from IdorTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module IdorTaintFlow = TaintTracking::Global; + +import IdorTaintFlow::PathGraph + +from IdorTaintFlow::PathNode source, IdorTaintFlow::PathNode sink +where IdorTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unauthenticated user ID from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql index d21cc4531fc..b83ee8aaee9 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql 
@@ -9,23 +9,25 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::CallNode).getCalleeName() = "escapeHtml" + } - override predicate isSource(Node node) { node.(CallNode).getCalleeName() = "escapeHtml" } - - override predicate isSink(Node node) { - exists(CallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call | call.getCalleeName().matches("decodeURI%") and node = call.getArgument(0) ) } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink +where DecodingAfterSanitizationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "URI decoding invalidates the HTML sanitization performed $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql index 257872c2752..d10799a8916 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql 
@@ -9,16 +9,14 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A call to a function that may introduce HTML meta-characters by * replacing `%3C` or `\u003C` with `<`. */ -class DecodingCall extends CallNode { +class DecodingCall extends DataFlow::CallNode { string kind; - Node input; + DataFlow::Node input; DecodingCall() { this.getCalleeName().matches("decodeURI%") and @@ -33,20 +31,24 @@ class DecodingCall extends CallNode { string getKind() { result = kind } /** Gets the input being decoded. */ - Node getInput() { result = input } + DataFlow::Node getInput() { result = input } } -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof HtmlSanitizerCall } - override predicate isSource(Node node) { node instanceof HtmlSanitizerCall } - - override predicate isSink(Node node) { node = any(DecodingCall c).getInput() } + predicate isSink(DataFlow::Node node) { node = any(DecodingCall c).getInput() } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink, DecodingCall decoder +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from + DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink, + DecodingCall decoder where - cfg.hasFlowPath(source, sink) and + DecodingAfterSanitizationFlow::flowPath(source, sink) and decoder.getInput() = sink.getNode() select sink.getNode(), source, sink, decoder.getKind() + " invalidates $@.", source.getNode(), "this HTML sanitization" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql index 72208237445..2990b3dcf8f 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql 
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql @@ -8,16 +8,17 @@ */ import javascript -import DataFlow -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, Node source, Node sink -where cfg.hasFlow(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +from DataFlow::Node source, DataFlow::Node sink +where EvalTaintFlow::flow(source, sink) select sink, "Eval with user-controlled input from $@.", source, "here" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql index 1b07ed151bd..ca49748bd1d 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql +++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql 
@@ -9,18 +9,20 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +import EvalTaintFlow::PathGraph + +from EvalTaintFlow::PathNode source, EvalTaintFlow::PathNode sink +where EvalTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Eval with user-controlled input from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql index 1fe76a178e2..e23f4aa53f9 100644 --- a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql +++ b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql @@ -9,8 +9,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A dataflow configuration that tracks authentication tokens ("authKey") 
@@ -26,33 +24,37 @@ import DataFlow::PathGraph * }), '*'); * ``` */ -class AuthKeyTracking extends DataFlow::Configuration { - AuthKeyTracking() { this = "AuthKeyTracking" } +module AuthKeyTrackingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::PropRead).getPropertyName() = "authKey" + } - override predicate isSource(Node node) { node.(PropRead).getPropertyName() = "authKey" } - - override predicate isSink(Node node) { - exists(MethodCallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::MethodCallNode call | call.getMethodName() = "postMessage" and call.getArgument(1).getStringValue() = "*" and // no restriction on target origin call.getArgument(0) = node ) } - override predicate isAdditionalFlowStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // Step into objects: x -> { f: x } - succ.(SourceNode).getAPropertyWrite().getRhs() = pred + node2.(DataFlow::SourceNode).getAPropertyWrite().getRhs() = node1 or // Step through JSON serialization: x -> JSON.stringify(x) // Note: TaintTracking::Configuration includes this step by default, but not DataFlow::Configuration - exists(CallNode call | - call = globalVarRef("JSON").getAMethodCall("stringify") and - pred = call.getArgument(0) and - succ = call + exists(DataFlow::CallNode call | + call = DataFlow::globalVarRef("JSON").getAMethodCall("stringify") and + node1 = call.getArgument(0) and + node2 = call ) } } -from AuthKeyTracking cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module AuthKeyTracking = DataFlow::Global; + +import AuthKeyTracking::PathGraph + +from AuthKeyTracking::PathNode source, AuthKeyTracking::PathNode sink +where AuthKeyTracking::flowPath(source, sink) select sink.getNode(), source, sink, "Message leaks the authKey from $@.", source.getNode(), "here" 
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql index c31095d4995..09cbd049200 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql @@ -9,7 +9,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * The data returned from a MySQL query, such as the `data` parameter in this example: @@ -31,6 +31,6 @@ class MysqlSource extends Source { } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql index f10479daf93..e92667a8c0f 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql @@ -10,7 +10,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * Gets an instance of `mysql.createConnection()`, tracked globally. 
@@ -45,6 +45,6 @@ class MysqlSource extends Source { MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql index b146b19e54d..51aa6c6a7c3 100644 --- a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql +++ b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql @@ -8,8 +8,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * Gets the name of an unescaped placeholder in a lodash template. @@ -21,13 +19,11 @@ string getAPlaceholderInString(string s) { result = s.regexpCapture(".*<%=\\s*([a-zA-Z0-9_]+)\\s*%>.*", 1) } -class TemplateInjection extends TaintTracking::Configuration { - TemplateInjection() { this = "TemplateInjection" } +module TemplateInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { - exists(CallNode call, string placeholder | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call, string placeholder | call = LodashUnderscore::member("template").getACall() and placeholder = getAPlaceholderInString(call.getArgument(0).getStringValue()) and node = call.getOptionArgument(1, placeholder) 
@@ -35,7 +31,11 @@ class TemplateInjection extends TaintTracking::Configuration { } } -from TemplateInjection cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module TemplateInjectionFlow = TaintTracking::Global; + +import TemplateInjectionFlow::PathGraph + +from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink +where TemplateInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "User-controlled value from $@ occurs unescaped in a lodash template.", source.getNode(), "here." diff --git a/javascript/ql/lib/change-notes/2025-01-07-dataflow-deprecation.md b/javascript/ql/lib/change-notes/2025-01-07-dataflow-deprecation.md new file mode 100644 index 00000000000..411a836d653 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-01-07-dataflow-deprecation.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* Custom data flow queries will need to be migrated in order to use the shared data flow library. Until migrated, such queries will compile with deprecation warnings and run with a + deprecated copy of the old data flow library. The deprecation layer will be removed in early 2026, after which any unmigrated queries will stop working. + See more information in the [migration guide](https://codeql.github.com/docs/codeql-language-guides/migrating-javascript-dataflow-queries). diff --git a/javascript/ql/lib/change-notes/2025-01-07-dataflow.md b/javascript/ql/lib/change-notes/2025-01-07-dataflow.md new file mode 100644 index 00000000000..9c94c47cd37 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-01-07-dataflow.md @@ -0,0 +1,5 @@ +--- +category: majorAnalysis +--- +* All data flow queries are now using the same underlying data flow library as the other languages analyses, replacing the old one written specifically for JavaScript/TypeScript. + This is a significant change and users may consequently observe differences in the alerts generated by the analysis. 
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 6b86693b913..a37a0b685e2 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -9,8 +9,10 @@ dependencies: codeql/dataflow: ${workspace} codeql/mad: ${workspace} codeql/regex: ${workspace} + codeql/ssa: ${workspace} codeql/threat-models: ${workspace} codeql/tutorial: ${workspace} + codeql/typetracking: ${workspace} codeql/util: ${workspace} codeql/xml: ${workspace} codeql/yaml: ${workspace} diff --git a/javascript/ql/lib/semmle/javascript/AMD.qll b/javascript/ql/lib/semmle/javascript/AMD.qll index b28dd5b9b72..3239dba9026 100644 --- a/javascript/ql/lib/semmle/javascript/AMD.qll +++ b/javascript/ql/lib/semmle/javascript/AMD.qll @@ -6,6 +6,7 @@ import javascript private import semmle.javascript.internal.CachedStages private import Expressions.ExprHasNoEffect +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Companion module to the `AmdModuleDefinition` class. @@ -84,10 +85,15 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range result instanceof DataFlow::ValueNode } - private DataFlow::Node getFactoryNodeInternal() { - // To avoid recursion, this should not depend on `SourceNode`. - result = DataFlow::valueNode(this.getLastArgument()) or - result = this.getFactoryNodeInternal().getAPredecessor() + /** + * Gets the factory function of this module definition. + */ + Function getFactoryFunction() { TValueNode(result) = this.getFactoryNodeInternal() } + + private EarlyStageNode getFactoryNodeInternal() { + result = TValueNode(this.getLastArgument()) + or + DataFlow::localFlowStep(result, this.getFactoryNodeInternal()) } /** Gets the expression defining this module. */ 
@@ -139,7 +145,10 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range * Gets the `i`th parameter of the factory function of this module. */ private Parameter getFactoryParameter(int i) { - this.getFactoryNodeInternal().asExpr().(Function).getParameter(i) = result + exists(Function fun | + this.getFactoryNodeInternal() = TValueNode(fun) and + result = fun.getParameter(i) + ) } /** diff --git a/javascript/ql/lib/semmle/javascript/Arrays.qll b/javascript/ql/lib/semmle/javascript/Arrays.qll index bec711b835a..d8522185886 100644 --- a/javascript/ql/lib/semmle/javascript/Arrays.qll +++ b/javascript/ql/lib/semmle/javascript/Arrays.qll @@ -9,7 +9,7 @@ module ArrayTaintTracking { /** * A taint propagating data flow edge caused by the builtin array functions. */ - private class ArrayFunctionTaintStep extends TaintTracking::SharedTaintStep { + private class ArrayFunctionTaintStep extends TaintTracking::LegacyTaintStep { override predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { arrayFunctionTaintStep(pred, succ, _) } @@ -130,7 +130,7 @@ private module ArrayDataFlow { * A step modeling the creation of an Array using the `Array.from(x)` method. * The step copies the elements of the argument (set, array, or iterator elements) into the resulting array. */ - private class ArrayFrom extends PreCallGraphStep { + private class ArrayFrom extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -150,7 +150,7 @@ private module ArrayDataFlow { * * Such a step can occur both with the `push` and `unshift` methods, or when creating a new array. */ - private class ArrayCopySpread extends PreCallGraphStep { + private class ArrayCopySpread extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { 
@@ -171,7 +171,7 @@ private module ArrayDataFlow { /** * A step for storing an element on an array using `arr.push(e)` or `arr.unshift(e)`. */ - private class ArrayAppendStep extends PreCallGraphStep { + private class ArrayAppendStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { prop = arrayElement() and exists(DataFlow::MethodCallNode call | @@ -202,7 +202,7 @@ private module ArrayDataFlow { * A step for reading/writing an element from an array inside a for-loop. * E.g. a read from `foo[i]` to `bar` in `for(var i = 0; i < arr.length; i++) {bar = foo[i]}`. */ - private class ArrayIndexingStep extends PreCallGraphStep { + private class ArrayIndexingStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(ArrayIndexingAccess access | prop = arrayElement() and @@ -224,7 +224,7 @@ private module ArrayDataFlow { * A step for retrieving an element from an array using `.pop()`, `.shift()`, or `.at()`. * E.g. `array.pop()`. */ - private class ArrayPopStep extends PreCallGraphStep { + private class ArrayPopStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["pop", "shift", "at"] and @@ -245,7 +245,7 @@ private module ArrayDataFlow { * * And the second parameter in the callback is the array ifself, so there is a `loadStoreStep` from the array to that second parameter. */ - private class ArrayIteration extends PreCallGraphStep { + private class ArrayIteration extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["map", "forEach"] and 
@@ -277,7 +277,7 @@ private module ArrayDataFlow { /** * A step for creating an array and storing the elements in the array. */ - private class ArrayCreationStep extends PreCallGraphStep { + private class ArrayCreationStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::ArrayCreationNode array, int i | element = array.getElement(i) and @@ -291,7 +291,7 @@ private module ArrayDataFlow { * A step modeling that `splice` can insert elements into an array. * For example in `array.splice(i, del, e1, e2, ...)`: if any item is tainted, then so is `array` */ - private class ArraySpliceStep extends PreCallGraphStep { + private class ArraySpliceStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["splice", "toSpliced"] and @@ -319,7 +319,7 @@ private module ArrayDataFlow { * A step for modeling `concat`. * For example in `e = arr1.concat(arr2, arr3)`: if any of the `arr` is tainted, then so is `e`. */ - private class ArrayConcatStep extends PreCallGraphStep { + private class ArrayConcatStep extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "concat" and @@ -333,7 +333,7 @@ private module ArrayDataFlow { /** * A step for modeling that elements from an array `arr` also appear in the result from calling `slice`/`splice`/`filter`/`toSpliced`. */ - private class ArraySliceStep extends PreCallGraphStep { + private class ArraySliceStep extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["slice", "splice", "filter", "toSpliced"] and 
@@ -347,7 +347,7 @@ private module ArrayDataFlow { /** * A step modeling that elements from an array `arr` are received by calling `find`. */ - private class ArrayFindStep extends PreCallGraphStep { + private class ArrayFindStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { exists(DataFlow::CallNode call | call = arrayFindCall(pred) and @@ -397,7 +397,7 @@ private module ArrayLibraries { /** * A taint step through the `arrify` library, or other libraries that (maybe) convert values into arrays. */ - private class ArrayifyStep extends TaintTracking::SharedTaintStep { + private class ArrayifyStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(API::CallNode call | call = API::moduleImport(["arrify", "array-ify"]).getACall() | pred = call.getArgument(0) and succ = call @@ -417,7 +417,7 @@ private module ArrayLibraries { /** * A taint step for a library that copies the elements of an array into another array. */ - private class ArrayCopyTaint extends TaintTracking::SharedTaintStep { + private class ArrayCopyTaint extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::CallNode call | call = arrayCopyCall(pred) and @@ -429,7 +429,7 @@ private module ArrayLibraries { /** * A loadStoreStep for a library that copies the elements of an array into another array. */ - private class ArrayCopyLoadStore extends PreCallGraphStep { + private class ArrayCopyLoadStore extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::CallNode call | call = arrayCopyCall(pred) and 
@@ -442,7 +442,7 @@ private module ArrayLibraries { /** * A taint step through a call to `Array.prototype.flat` or a polyfill implementing array flattening. */ - private class ArrayFlatStep extends TaintTracking::SharedTaintStep { + private class ArrayFlatStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::CallNode call | succ = call | call.(DataFlow::MethodCallNode).getMethodName() = "flat" and diff --git a/javascript/ql/lib/semmle/javascript/BasicBlocks.qll b/javascript/ql/lib/semmle/javascript/BasicBlocks.qll index 6e6579d6f7e..dfd9c3956b1 100644 --- a/javascript/ql/lib/semmle/javascript/BasicBlocks.qll +++ b/javascript/ql/lib/semmle/javascript/BasicBlocks.qll 
@@ -3,356 +3,4 @@ * liveness information for local variables. */ -import javascript -private import internal.StmtContainers -private import semmle.javascript.internal.CachedStages - -/** - * Holds if `nd` starts a new basic block. - */ -private predicate startsBB(ControlFlowNode nd) { - not exists(nd.getAPredecessor()) and exists(nd.getASuccessor()) - or - nd.isJoin() - or - nd.getAPredecessor().isBranch() -} - -/** - * Holds if the first node of basic block `succ` is a control flow - * successor of the last node of basic block `bb`. - */ -private predicate succBB(BasicBlock bb, BasicBlock succ) { succ = bb.getLastNode().getASuccessor() } - -/** - * Holds if the first node of basic block `bb` is a control flow - * successor of the last node of basic block `pre`. - */ -private predicate predBB(BasicBlock bb, BasicBlock pre) { succBB(pre, bb) } - -/** Holds if `bb` is an entry basic block. */ -private predicate entryBB(BasicBlock bb) { bb.getFirstNode() instanceof ControlFlowEntryNode } - -/** Holds if `bb` is an exit basic block. */ -private predicate exitBB(BasicBlock bb) { bb.getLastNode() instanceof ControlFlowExitNode } - -cached -private module Internal { - /** - * Holds if `succ` is a control flow successor of `nd` within the same basic block. - */ - private predicate intraBBSucc(ControlFlowNode nd, ControlFlowNode succ) { - succ = nd.getASuccessor() and - not succ instanceof BasicBlock - } - - /** - * Holds if `nd` is the `i`th node in basic block `bb`. - * - * In other words, `i` is the shortest distance from a node `bb` - * that starts a basic block to `nd` along the `intraBBSucc` relation. 
- */ - cached - predicate bbIndex(BasicBlock bb, ControlFlowNode nd, int i) = - shortestDistances(startsBB/1, intraBBSucc/2)(bb, nd, i) - - cached - int bbLength(BasicBlock bb) { result = strictcount(ControlFlowNode nd | bbIndex(bb, nd, _)) } - - cached - predicate useAt(BasicBlock bb, int i, Variable v, VarUse u) { - Stages::BasicBlocks::ref() and - v = u.getVariable() and - bbIndex(bb, u, i) - } - - cached - predicate defAt(BasicBlock bb, int i, Variable v, VarDef d) { - exists(VarRef lhs | - lhs = d.getTarget().(BindingPattern).getABindingVarRef() and - v = lhs.getVariable() - | - lhs = d.getTarget() and - bbIndex(bb, d, i) - or - exists(PropertyPattern pp | - lhs = pp.getValuePattern() and - bbIndex(bb, pp, i) - ) - or - exists(ObjectPattern op | - lhs = op.getRest() and - bbIndex(bb, lhs, i) - ) - or - exists(ArrayPattern ap | - lhs = ap.getAnElement() and - bbIndex(bb, lhs, i) - ) - ) - } - - cached - predicate reachableBB(BasicBlock bb) { - entryBB(bb) - or - exists(BasicBlock predBB | succBB(predBB, bb) | reachableBB(predBB)) - } -} - -private import Internal - -/** Holds if `dom` is an immediate dominator of `bb`. */ -cached -private predicate bbIDominates(BasicBlock dom, BasicBlock bb) = - idominance(entryBB/1, succBB/2)(_, dom, bb) - -/** Holds if `dom` is an immediate post-dominator of `bb`. */ -cached -private predicate bbIPostDominates(BasicBlock dom, BasicBlock bb) = - idominance(exitBB/1, predBB/2)(_, dom, bb) - -/** - * A basic block, that is, a maximal straight-line sequence of control flow nodes - * without branches or joins. - * - * At the database level, a basic block is represented by its first control flow node. - */ -class BasicBlock extends @cfg_node, NodeInStmtContainer { - cached - BasicBlock() { Stages::BasicBlocks::ref() and startsBB(this) } - - /** Gets a basic block succeeding this one. */ - BasicBlock getASuccessor() { succBB(this, result) } - - /** Gets a basic block preceding this one. 
*/ - BasicBlock getAPredecessor() { result.getASuccessor() = this } - - /** Gets a node in this block. */ - ControlFlowNode getANode() { result = this.getNode(_) } - - /** Gets the node at the given position in this block. */ - ControlFlowNode getNode(int pos) { bbIndex(this, result, pos) } - - /** Gets the first node in this block. */ - ControlFlowNode getFirstNode() { result = this } - - /** Gets the last node in this block. */ - ControlFlowNode getLastNode() { result = this.getNode(this.length() - 1) } - - /** Gets the length of this block. */ - int length() { result = bbLength(this) } - - /** Holds if this basic block uses variable `v` in its `i`th node `u`. */ - predicate useAt(int i, Variable v, VarUse u) { useAt(this, i, v, u) } - - /** Holds if this basic block defines variable `v` in its `i`th node `d`. */ - predicate defAt(int i, Variable v, VarDef d) { defAt(this, i, v, d) } - - /** - * Holds if `v` is live at entry to this basic block and `u` is a use of `v` - * witnessing the liveness. - * - * In other words, `u` is a use of `v` that is reachable from the - * entry node of this basic block without going through a redefinition - * of `v`. The use `u` may either be in this basic block, or in another - * basic block reachable from this one. - */ - predicate isLiveAtEntry(Variable v, VarUse u) { - // restrict `u` to be reachable from this basic block - u = this.getASuccessor*().getANode() and - ( - // shortcut: if `v` is never defined, then it must be live - this.isDefinedInSameContainer(v) - implies - // otherwise, do full liveness computation - this.isLiveAtEntryImpl(v, u) - ) - } - - /** - * Holds if `v` is live at entry to this basic block and `u` is a use of `v` - * witnessing the liveness, where `v` is defined at least once in the enclosing - * function or script. 
- */ - private predicate isLiveAtEntryImpl(Variable v, VarUse u) { - this.isLocallyLiveAtEntry(v, u) - or - this.isDefinedInSameContainer(v) and - not this.defAt(_, v, _) and - this.getASuccessor().isLiveAtEntryImpl(v, u) - } - - /** - * Holds if `v` is defined at least once in the function or script to which - * this basic block belongs. - */ - private predicate isDefinedInSameContainer(Variable v) { - exists(VarDef def | def.getAVariable() = v and def.getContainer() = this.getContainer()) - } - - /** - * Holds if `v` is a variable that is live at entry to this basic block. - * - * Note that this is equivalent to `bb.isLiveAtEntry(v, _)`, but may - * be more efficient on large databases. - */ - predicate isLiveAtEntry(Variable v) { - this.isLocallyLiveAtEntry(v, _) - or - not this.defAt(_, v, _) and this.getASuccessor().isLiveAtEntry(v) - } - - /** - * Holds if local variable `v` is live at entry to this basic block and - * `u` is a use of `v` witnessing the liveness. - */ - predicate localIsLiveAtEntry(LocalVariable v, VarUse u) { - this.isLocallyLiveAtEntry(v, u) - or - not this.defAt(_, v, _) and this.getASuccessor().localIsLiveAtEntry(v, u) - } - - /** - * Holds if local variable `v` is live at entry to this basic block. - */ - predicate localIsLiveAtEntry(LocalVariable v) { - this.isLocallyLiveAtEntry(v, _) - or - not this.defAt(_, v, _) and this.getASuccessor().localIsLiveAtEntry(v) - } - - /** - * Holds if `d` is a definition of `v` that is reachable from the beginning of - * this basic block without going through a redefinition of `v`. - */ - predicate localMayBeOverwritten(LocalVariable v, VarDef d) { - this.isLocallyOverwritten(v, d) - or - not this.defAt(_, v, _) and this.getASuccessor().localMayBeOverwritten(v, d) - } - - /** - * Gets the next index after `i` in this basic block at which `v` is - * defined or used, provided that `d` is a definition of `v` at index `i`. 
- * If there are no further uses or definitions of `v` after `i`, the - * result is the length of this basic block. - */ - private int nextDefOrUseAfter(PurelyLocalVariable v, int i, VarDef d) { - this.defAt(i, v, d) and - result = - min(int j | - (this.defAt(j, v, _) or this.useAt(j, v, _) or j = this.length()) and - j > i - ) - } - - /** - * Holds if `d` defines variable `v` at the `i`th node of this basic block, and - * the definition is live, that is, the variable may be read after this - * definition and before a re-definition. - */ - predicate localLiveDefAt(PurelyLocalVariable v, int i, VarDef d) { - exists(int j | j = this.nextDefOrUseAfter(v, i, d) | - this.useAt(j, v, _) - or - j = this.length() and this.getASuccessor().localIsLiveAtEntry(v) - ) - } - - /** - * Holds if `u` is a use of `v` in this basic block, and there are - * no definitions of `v` before it. - */ - private predicate isLocallyLiveAtEntry(Variable v, VarUse u) { - exists(int n | this.useAt(n, v, u) | not exists(int m | m < n | this.defAt(m, v, _))) - } - - /** - * Holds if `d` is a definition of `v` in this basic block, and there are - * no other definitions of `v` before it. - */ - private predicate isLocallyOverwritten(Variable v, VarDef d) { - exists(int n | this.defAt(n, v, d) | not exists(int m | m < n | this.defAt(m, v, _))) - } - - /** - * Gets the basic block that immediately dominates this basic block. - */ - ReachableBasicBlock getImmediateDominator() { bbIDominates(result, this) } -} - -/** - * An unreachable basic block, that is, a basic block - * whose first node is unreachable. - */ -class UnreachableBlock extends BasicBlock { - UnreachableBlock() { this.getFirstNode().isUnreachable() } -} - -/** - * An entry basic block, that is, a basic block - * whose first node is the entry node of a statement container. - */ -class EntryBasicBlock extends BasicBlock { - EntryBasicBlock() { entryBB(this) } -} - -/** - * A basic block that is reachable from an entry basic block. 
- */ -class ReachableBasicBlock extends BasicBlock { - ReachableBasicBlock() { reachableBB(this) } - - /** - * Holds if this basic block strictly dominates `bb`. - */ - pragma[inline] - predicate strictlyDominates(ReachableBasicBlock bb) { bbIDominates+(this, bb) } - - /** - * Holds if this basic block dominates `bb`. - * - * This predicate is reflexive: each reachable basic block dominates itself. - */ - pragma[inline] - predicate dominates(ReachableBasicBlock bb) { bbIDominates*(this, bb) } - - /** - * Holds if this basic block strictly post-dominates `bb`. - */ - pragma[inline] - predicate strictlyPostDominates(ReachableBasicBlock bb) { bbIPostDominates+(this, bb) } - - /** - * Holds if this basic block post-dominates `bb`. - * - * This predicate is reflexive: each reachable basic block post-dominates itself. - */ - pragma[inline] - predicate postDominates(ReachableBasicBlock bb) { bbIPostDominates*(this, bb) } -} - -/** - * A reachable basic block with more than one predecessor. - */ -class ReachableJoinBlock extends ReachableBasicBlock { - ReachableJoinBlock() { this.getFirstNode().isJoin() } - - /** - * Holds if this basic block belongs to the dominance frontier of `b`, that is - * `b` dominates a predecessor of this block, but not this block itself. - * - * Algorithm from Cooper et al., "A Simple, Fast Dominance Algorithm" (Figure 5), - * who in turn attribute it to Ferrante et al., "The program dependence graph and - * its use in optimization". - */ - predicate inDominanceFrontierOf(ReachableBasicBlock b) { - b = this.getAPredecessor() and not b = this.getImmediateDominator() - or - exists(ReachableBasicBlock prev | this.inDominanceFrontierOf(prev) | - b = prev.getImmediateDominator() and - not b = this.getImmediateDominator() - ) - } -} +import internal.BasicBlockInternal::Public diff --git a/javascript/ql/lib/semmle/javascript/Collections.qll b/javascript/ql/lib/semmle/javascript/Collections.qll index 028c3abe4b3..f3e3eb5a61d 100644 
--- a/javascript/ql/lib/semmle/javascript/Collections.qll +++ b/javascript/ql/lib/semmle/javascript/Collections.qll @@ -16,7 +16,7 @@ private module CollectionDataFlow { /** * A step for `Set.add()` method, which adds an element to a Set. */ - private class SetAdd extends PreCallGraphStep { + private class SetAdd extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("add") and @@ -29,7 +29,7 @@ private module CollectionDataFlow { /** * A step for the `Set` constructor, which copies any elements from the first argument into the resulting set. */ - private class SetConstructor extends PreCallGraphStep { + private class SetConstructor extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -49,7 +49,7 @@ private module CollectionDataFlow { * For sets and iterators the l-value are the elements of the set/iterator. * For maps the l-value is a tuple containing a key and a value. */ - private class ForOfStep extends PreCallGraphStep { + private class ForOfStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node e, string prop) { exists(ForOfStmt forOf | obj = forOf.getIterationDomain().flow() and @@ -73,7 +73,7 @@ private module CollectionDataFlow { /** * A step for a call to `forEach` on a Set or Map. */ - private class SetMapForEach extends PreCallGraphStep { + private class SetMapForEach extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "forEach" and 
@@ -88,7 +88,7 @@ private module CollectionDataFlow { * A call to the `get` method on a Map. * If the key of the call to `get` has a known string value, then only the value corresponding to that key will be retrieved. (The known string value is encoded as part of the pseudo-property) */ - private class MapGet extends PreCallGraphStep { + private class MapGet extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "get" and @@ -108,7 +108,7 @@ private module CollectionDataFlow { * Otherwise the value will be stored into a pseudo-property corresponding to values with unknown keys. * The value will additionally be stored into a pseudo-property corresponding to all values. */ - class MapSet extends PreCallGraphStep { + class MapSet extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("set") and @@ -121,7 +121,7 @@ private module CollectionDataFlow { /** * A step for a call to `values` on a Map or a Set. */ - private class MapAndSetValues extends PreCallGraphStep { + private class MapAndSetValues extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -138,7 +138,7 @@ private module CollectionDataFlow { /** * A step for a call to `keys` on a Set. */ - private class SetKeys extends PreCallGraphStep { + private class SetKeys extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { diff --git a/javascript/ql/lib/semmle/javascript/Generators.qll b/javascript/ql/lib/semmle/javascript/Generators.qll index 06a19d1cfdf..b2b81ef5c88 100644 --- a/javascript/ql/lib/semmle/javascript/Generators.qll 
+++ b/javascript/ql/lib/semmle/javascript/Generators.qll @@ -11,7 +11,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep private module GeneratorDataFlow { private import DataFlow::PseudoProperties - private class ArrayIteration extends PreCallGraphStep { + private class ArrayIteration extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::FunctionNode f | f.getFunction().isGenerator() | prop = iteratorElement() and diff --git a/javascript/ql/lib/semmle/javascript/NodeJS.qll b/javascript/ql/lib/semmle/javascript/NodeJS.qll index 823ddae93c4..cd00e06e722 100644 --- a/javascript/ql/lib/semmle/javascript/NodeJS.qll +++ b/javascript/ql/lib/semmle/javascript/NodeJS.qll @@ -4,6 +4,7 @@ import javascript private import NodeModuleResolutionImpl private import semmle.javascript.DynamicPropertyAccess as DynamicPropertyAccess private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowNode /** * A Node.js module. 
@@ -240,69 +241,78 @@ private class RequireVariable extends Variable { */ private predicate moduleInFile(Module m, File f) { m.getFile() = f } -private predicate isModuleModule(DataFlow::Node nd) { - exists(ImportDeclaration imp | - imp.getImportedPath().getValue() = "module" and - nd = - [ - DataFlow::destructuredModuleImportNode(imp), - DataFlow::valueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) - ] +private predicate isModuleModule(EarlyStageNode nd) { + exists(ImportDeclaration imp | imp.getImportedPath().getValue() = "module" | + nd = TDestructuredModuleImportNode(imp) + or + nd = TValueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) ) or - isModuleModule(nd.getAPredecessor()) + exists(EarlyStageNode other | + isModuleModule(other) and + DataFlow::localFlowStep(other, nd) + ) } -private predicate isCreateRequire(DataFlow::Node nd) { +private predicate isCreateRequire(EarlyStageNode nd) { exists(PropAccess prop | - isModuleModule(prop.getBase().flow()) and + isModuleModule(TValueNode(prop.getBase())) and prop.getPropertyName() = "createRequire" and - nd = prop.flow() + nd = TValueNode(prop) ) or exists(PropertyPattern prop | - isModuleModule(prop.getObjectPattern().flow()) and + isModuleModule(TValueNode(prop.getObjectPattern())) and prop.getName() = "createRequire" and - nd = prop.getValuePattern().flow() + nd = TValueNode(prop.getValuePattern()) ) or exists(ImportDeclaration decl, NamedImportSpecifier spec | decl.getImportedPath().getValue() = "module" and spec = decl.getASpecifier() and spec.getImportedName() = "createRequire" and - nd = spec.flow() + nd = TValueNode(spec) ) or - isCreateRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isCreateRequire(other) and + DataFlow::localFlowStep(other, nd) + ) } /** * Holds if `nd` may refer to `require`, either directly or modulo local data flow. 
*/ cached -private predicate isRequire(DataFlow::Node nd) { - nd.asExpr() = any(RequireVariable req).getAnAccess() and - // `mjs` files explicitly disallow `require` - not nd.getFile().getExtension() = "mjs" +private predicate isRequire(EarlyStageNode nd) { + exists(VarAccess access | + access = any(RequireVariable v).getAnAccess() and + nd = TValueNode(access) and + // `mjs` files explicitly disallow `require` + not access.getFile().getExtension() = "mjs" + ) or - isRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isRequire(other) and + DataFlow::localFlowStep(other, nd) + ) or // `import { createRequire } from 'module';`. // specialized to ES2015 modules to avoid recursion in the `DataFlow::moduleImport()` predicate and to avoid // negative recursion between `Import.getImportedModuleNode()` and `Import.getImportedModule()`, and // to avoid depending on `SourceNode` as this would make `SourceNode::Range` recursive. exists(CallExpr call | - isCreateRequire(call.getCallee().flow()) and - nd = call.flow() + isCreateRequire(TValueNode(call.getCallee())) and + nd = TValueNode(call) ) or // `$.require('underscore');`. // NPM as supported in [XSJS files](https://www.npmjs.com/package/@sap/async-xsjs#npm-packages-support). exists(MethodCallExpr require | - nd.getFile().getExtension() = ["xsjs", "xsjslib"] and + require.getFile().getExtension() = ["xsjs", "xsjslib"] and require.getCalleeName() = "require" and require.getReceiver().(GlobalVarAccess).getName() = "$" and - nd = require.getCallee().flow() + nd = TValueNode(require.getCallee()) ) } @@ -316,7 +326,7 @@ private predicate isRequire(DataFlow::Node nd) { * ``` */ class Require extends CallExpr, Import { - Require() { isRequire(this.getCallee().flow()) } + Require() { isRequire(TValueNode(this.getCallee())) } override PathExpr getImportedPath() { result = this.getArgument(0) } 
@@ -410,7 +420,7 @@ private class RequirePath extends PathExprCandidate { this = any(Require req).getArgument(0) or exists(MethodCallExpr reqres | - isRequire(reqres.getReceiver().flow()) and + isRequire(TValueNode(reqres.getReceiver())) and reqres.getMethodName() = "resolve" and this = reqres.getArgument(0) ) diff --git a/javascript/ql/lib/semmle/javascript/Paths.qll b/javascript/ql/lib/semmle/javascript/Paths.qll index 5f8452f5251..66a840e9f26 100644 --- a/javascript/ql/lib/semmle/javascript/Paths.qll +++ b/javascript/ql/lib/semmle/javascript/Paths.qll @@ -4,6 +4,7 @@ */ import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Internal representation of paths as lists of components. @@ -381,16 +382,16 @@ private class PathExprString extends PathString { } pragma[nomagic] -private DataFlow::Node getAPathExprAlias(PathExpr expr) { - result.getImmediatePredecessor().asExpr() = expr +private EarlyStageNode getAPathExprAlias(PathExpr expr) { + DataFlow::Impl::earlyStageImmediateFlowStep(TValueNode(expr), result) or - result.getImmediatePredecessor() = getAPathExprAlias(expr) + DataFlow::Impl::earlyStageImmediateFlowStep(getAPathExprAlias(expr), result) } private class PathExprFromAlias extends PathExpr { private PathExpr other; - PathExprFromAlias() { this = getAPathExprAlias(other).asExpr() } + PathExprFromAlias() { TValueNode(this) = getAPathExprAlias(other) } override string getValue() { result = other.getValue() } 
@@ -435,13 +436,15 @@ abstract class PathExprCandidate extends Expr { pragma[nomagic] private Expr getAPart1() { result = this or result = this.getAPart().getAChildExpr() } + private EarlyStageNode getAnAliasedPart1() { + result = TValueNode(this.getAPart1()) + or + DataFlow::Impl::earlyStageImmediateFlowStep(result, this.getAnAliasedPart1()) + } + /** - * Gets an expression that is nested inside this expression. - * - * Equivalent to `getAChildExpr*()`, but useful to enforce a better join order (in spite of - * what the optimizer thinks, there are generally far fewer `PathExprCandidate`s than - * `ConstantString`s). + * Gets an expression that is depended on by an expression nested inside this expression. */ pragma[nomagic] - Expr getAPart() { result = this.getAPart1().flow().getImmediatePredecessor*().asExpr() } + Expr getAPart() { TValueNode(result) = this.getAnAliasedPart1() } } diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll index bb1ee9326d8..c254128f87b 100644 --- a/javascript/ql/lib/semmle/javascript/Promises.qll +++ b/javascript/ql/lib/semmle/javascript/Promises.qll @@ -6,7 +6,9 @@ import javascript private import dataflow.internal.StepSummary /** - * A definition of a `Promise` object. + * A call to the `Promise` constructor, such as `new Promise((resolve, reject) => { ... })`. + * + * This includes calls to the built-in `Promise` constructor as well as promise implementations from known libraries, such as `bluebird`. */ abstract class PromiseDefinition extends DataFlow::SourceNode { /** Gets the executor function of this promise object. */ @@ -196,6 +198,8 @@ module Promises { override string getAProperty() { result = [valueProp(), errorProp()] } } + + predicate promiseConstructorRef = getAPromiseObject/0; } /** 
@@ -267,7 +271,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep * These steps are for `await p`, `new Promise()`, `Promise.resolve()`, * `Promise.then()`, `Promise.catch()`, and `Promise.finally()`. */ -private class PromiseStep extends PreCallGraphStep { +private class PromiseStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { PromiseFlow::loadStep(obj, element, prop) } @@ -459,7 +463,7 @@ module PromiseFlow { } } -private class PromiseTaintStep extends TaintTracking::SharedTaintStep { +private class PromiseTaintStep extends TaintTracking::LegacyTaintStep { override predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { // from `x` to `new Promise((res, rej) => res(x))` pred = succ.(PromiseDefinition).getResolveParameter().getACall().getArgument(0) @@ -530,7 +534,7 @@ private module AsyncReturnSteps { /** * A data-flow step for ordinary and exceptional returns from async functions. */ - private class AsyncReturn extends PreCallGraphStep { + private class AsyncReturn extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::FunctionNode f | f.getFunction().isAsync() | // ordinary return @@ -548,7 +552,7 @@ private module AsyncReturnSteps { /** * A data-flow step for ordinary return from an async function in a taint configuration. */ - private class AsyncTaintReturn extends TaintTracking::SharedTaintStep { + private class AsyncTaintReturn extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(Function f | f.isAsync() and 
@@ -665,7 +669,7 @@ private module ClosurePromise { /** * Taint steps through closure promise methods. */ - private class ClosurePromiseTaintStep extends TaintTracking::SharedTaintStep { + private class ClosurePromiseTaintStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { // static methods in goog.Promise exists(DataFlow::CallNode call, string name | @@ -699,7 +703,7 @@ private module DynamicImportSteps { * let Foo = await import('./foo'); * ``` */ - class DynamicImportStep extends PreCallGraphStep { + class DynamicImportStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DynamicImportExpr imprt | pred = imprt.getImportedModule().getAnExportedValue("default") and diff --git a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll index 0b84e9a734b..5104469635d 100644 --- a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll +++ b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll @@ -69,7 +69,7 @@ private class ArrayIterationCallbackAsPartialInvoke extends DataFlow::PartialInv * A flow step propagating the exception thrown from a callback to a method whose name coincides * a built-in Array iteration method, such as `forEach` or `map`. */ -private class IteratorExceptionStep extends DataFlow::SharedFlowStep { +private class IteratorExceptionStep extends DataFlow::LegacyFlowStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["forEach", "each", "map", "filter", "some", "every", "fold", "reduce"] and 
@@ -160,6 +160,15 @@ class StringReplaceCall extends DataFlow::MethodCallNode { new = ret.getStringValue() ) } + + /** + * Holds if this call takes a regexp containing a wildcard-like term such as `.`. + * + * Also see `RegExp::isWildcardLike`. + */ + final predicate hasRegExpContainingWildcard() { + RegExp::isWildcardLike(this.getRegExp().getRoot().getAChild*()) + } } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll new file mode 100644 index 00000000000..d0deff8788c --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll 
@@ -0,0 +1,397 @@ +/** + * This contains three step-contribution classes, in order to support graceful deprecation of the old data flow library. + * + * - `class AdditionalFlowStep`: steps used only by the new dataflow library + * - `class LegacyFlowStep`: steps used only by the old data flow library + * - `class SharedFlowStep`: steps used by both + * + * The latter two will be deprecated in the future, but are currently not marked as `deprecated`. + * This is because a library model should be able to support both data flow libraries simultaneously, without itself getting + * deprecation warnings. + * + * To simplify correct consumption of these steps there is a correspondingly-named module for each: + * + * - `module AdditionalFlowStep`: exposes steps from `AdditionalFlowStep` and `SharedFlowStep` subclasses. + * - `module LegacyFlowStep`: exposes steps from `LegacyFlowStep` and `SharedFlowStep` subclasses. + * - `module SharedFlowStep`: exposes steps from all three classes. + * + * This design is intended to simplify consumption of steps, and to ensure existing consumers of `SharedFlowStep` + * outside this codebase will continue to work with as few surprises as possible. + */ + +private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A value-preserving data flow edge that should be used in all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * As an alternative to this class, consider using `DataFlow::SummarizedCallable`. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Use `isAdditionalFlowStep` for query-specific flow steps. 
+ */ +class AdditionalFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge.f + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. + */ + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` should be stored in the given `content` of the object `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } + + /** + * Holds if the given `content` of the object in `pred` should be read into `succ`. + */ + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `AdditionalFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module AdditionalFlowStep { + cached + private module Internal { + // Forces this to be part of the `FlowSteps` stage. + // We use a public predicate in a private module to avoid warnings about this being unused. + cached + predicate forceStage() { Stages::FlowSteps::ref() } + } + + bindingset[a, b] + pragma[inline_late] + private predicate sameContainer(DataFlow::Node a, DataFlow::Node b) { + a.getContainer() = b.getContainer() + } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + sameContainer(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. 
+ */ + cached + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).jumpStep(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + not sameContainer(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).storeStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).storeStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } + + /** + * Holds if the property `prop` of the object `pred` should be read into `succ`. + */ + cached + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).readStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).loadStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } +} + +/** + * A data flow edge that is only seen by the old, deprecated data flow library. + * + * This class is typically used when a step has been replaced by a flow summary. Since the old data flow + * library does not support flow summaries, such a step should remain as a legacy step, until the old data flow + * library can be removed. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class LegacyFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries. 
+ * + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + deprecated predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `LegacyFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module LegacyFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) + } + + /** + * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries. + * + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. 
+ */ + cached + deprecated predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyFlowStep s).storeStep(pred, succ, prop) + or + any(SharedFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} + +/** + * A data flow edge that should be added to all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. 
+ * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class SharedFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries. + * + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + deprecated predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `SharedFlowStep`, `LegacyFlowStep`, and `AdditionalFlowStep` subclasses. + */ +module SharedFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. 
+ */ + pragma[inline] + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedFlowStep s).step(pred, succ) + or + any(AdditionalFlowStep s).step(pred, succ) + or + any(LegacyFlowStep s).step(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + pragma[inline] + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(SharedFlowStep s).storeStep(pred, succ, prop) + or + any(AdditionalFlowStep s) + .storeStep(pred, DataFlow::ContentSet::property(prop), succ.getALocalUse()) + or + any(LegacyFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + pragma[inline] + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStep(pred, succ, prop) + or + any(AdditionalFlowStep s).readStep(pred, DataFlow::ContentSet::property(prop), succ) + or + any(LegacyFlowStep s).loadStep(pred, succ, prop) + } + + // The following are aliases for old step predicates that have no corresponding predicate in AdditionalFlowStep + /** + * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries. + * + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + deprecated predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. 
+ */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll new file mode 100644 index 00000000000..a0752d768fa --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll 
@@ -0,0 +1,424 @@ +/** + * Note: The contents of this file are exposed with the `TaintTracking::` prefix, via an import in `TaintTracking.qll`. + */ + +private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations, but only those that use the new data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * As an alternative to this class, consider using `DataFlow::SummarizedCallable`. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Use `isAdditionalFlowStep` for query-specific taint steps. + */ +class AdditionalTaintStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations in addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class SharedTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. 
+ */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. + */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. 
+ */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * A taint-propagating data flow edge that should be used with the old data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class LegacyTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. 
+ /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. + */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. 
+ */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * Module existing only to ensure all taint steps are cached as a single stage, + * and without the the `Unit` type column. + */ +cached +private module Cached { + cached + predicate forceStage() { Stages::Taint::ref() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, which doesn't fit into a more specific category. + */ + cached + predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).step(pred, succ) + or + any(LegacyTaintStep step).step(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, contribued by the heuristics library. 
+ */ + cached + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heuristicStep(pred, succ) + or + any(LegacyTaintStep step).heuristicStep(pred, succ) + } + + /** + * Public taint step relations. + */ + cached + module Public { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a URI library function. + */ + cached + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).uriStep(pred, succ) + or + any(LegacyTaintStep step).uriStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. + */ + cached + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).persistentStorageStep(pred, succ) + or + any(LegacyTaintStep step).persistentStorageStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. + */ + cached + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heapStep(pred, succ) + or + any(LegacyTaintStep step).heapStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through an array. + */ + cached + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).arrayStep(pred, succ) + or + any(LegacyTaintStep step).arrayStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the + * properties of a view compenent, such as the `state` or `props` of a React component. + */ + cached + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).viewComponentStep(pred, succ) + or + any(LegacyTaintStep step).viewComponentStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string + * concatenation. 
+ */ + cached + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringConcatenationStep(pred, succ) + or + any(LegacyTaintStep step).stringConcatenationStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation + * (other than concatenation). + */ + cached + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringManipulationStep(pred, succ) + or + any(LegacyTaintStep step).stringManipulationStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + cached + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).serializeStep(pred, succ) + or + any(LegacyTaintStep step).serializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + cached + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).deserializeStep(pred, succ) + or + any(LegacyTaintStep step).deserializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + cached + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).promiseStep(pred, succ) + or + any(LegacyTaintStep step).promiseStep(pred, succ) + } + } +} + +import Cached::Public + +/** + * Holds if `pred -> succ` is an edge used by all taint-tracking configurations in + * the old data flow library. + * + * The new data flow library uses a different set of steps, exposed by `AdditionalTaintStep::step`. 
+ */ +predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + Cached::genericStep(pred, succ) or + Cached::heuristicStep(pred, succ) or + uriStep(pred, succ) or + persistentStorageStep(pred, succ) or + heapStep(pred, succ) or + arrayStep(pred, succ) or + viewComponentStep(pred, succ) or + stringConcatenationStep(pred, succ) or + stringManipulationStep(pred, succ) or + serializeStep(pred, succ) or + deserializeStep(pred, succ) or + promiseStep(pred, succ) +} + +/** + * Contains predicates for accessing the taint steps used by taint-tracking configurations + * in the new data flow library. + */ +module AdditionalTaintStep { + /** + * Holds if `pred` → `succ` is considered a taint-propagating data flow edge when + * using the new data flow library. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalTaintStep step).step(pred, succ) or + any(SharedTaintStep step).step(pred, succ) or + any(SharedTaintStep step).heuristicStep(pred, succ) or + any(SharedTaintStep step).uriStep(pred, succ) or + any(SharedTaintStep step).persistentStorageStep(pred, succ) or + any(SharedTaintStep step).heapStep(pred, succ) or + any(SharedTaintStep step).arrayStep(pred, succ) or + any(SharedTaintStep step).viewComponentStep(pred, succ) or + any(SharedTaintStep step).stringConcatenationStep(pred, succ) or + any(SharedTaintStep step).stringManipulationStep(pred, succ) or + any(SharedTaintStep step).serializeStep(pred, succ) or + any(SharedTaintStep step).deserializeStep(pred, succ) or + any(SharedTaintStep step).promiseStep(pred, succ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll b/javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll index 54d7927a7f6..bc527b500c9 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll 
@@ -1,5 +1,6 @@ /** * Alias for the library `semmle.javascript.explore.BackwardDataFlow`. */ +deprecated module; import semmle.javascript.explore.BackwardDataFlow diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 50183c656b2..f773000c8cc 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -6,10 +6,6 @@ * Additional data flow edges can be specified, and conversely certain nodes or * edges can be designated as _barriers_ that block flow. * - * NOTE: The API of this library is not stable yet and may change in - * the future. - * - * * # Technical overview * * This module implements a summarization-based inter-procedural data flow @@ -67,14 +63,22 @@ * Finally, we build `PathNode`s for all nodes that appear on a path * computed by `onPath`. */ +deprecated module; private import javascript private import internal.FlowSteps private import internal.AccessPaths private import semmle.javascript.Unit private import semmle.javascript.internal.CachedStages +private import AdditionalFlowSteps +private import internal.DataFlowPrivate as DataFlowPrivate /** + * DEPRECATED. + * Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface. + * See the [migration guide](https://codeql.github.com/docs/codeql-language-guides/migrating-javascript-dataflow-queries) for more details. + * + * #### Legacy documentation * A data flow tracking configuration for finding inter-procedural paths from * sources to sinks. * 
@@ -84,7 +88,7 @@ private import semmle.javascript.internal.CachedStages * define additional edges beyond the standard data flow edges (`isAdditionalFlowStep`) * and prohibit intermediate flow nodes and edges (`isBarrier`). */ -abstract class Configuration extends string { +abstract deprecated class Configuration extends string { bindingset[this] Configuration() { any() } @@ -159,7 +163,7 @@ abstract class Configuration extends string { * Holds if the intermediate flow node `node` is prohibited. */ predicate isBarrier(DataFlow::Node node) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, "") ) @@ -199,7 +203,7 @@ abstract class Configuration extends string { * Holds if flow with label `lbl` cannot flow into `node`. */ predicate isLabeledBarrier(DataFlow::Node node, FlowLabel lbl) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, lbl) ) 
@@ -280,13 +284,23 @@ abstract class Configuration extends string { * `isBarrierGuard` or `AdditionalBarrierGuardNode`. */ pragma[nomagic] -private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNode guard) { +deprecated private predicate isBarrierGuardInternal( + Configuration cfg, BarrierGuardNodeInternal guard +) { cfg.isBarrierGuard(guard) or guard.(AdditionalBarrierGuardNode).appliesTo(cfg) + or + guard.(DerivedBarrierGuardNode).appliesTo(cfg) + or + cfg instanceof TaintTracking::Configuration and + guard.(TaintTracking::AdditionalSanitizerGuardNode).appliesTo(cfg) } /** + * DEPRECATED. Use a query-specific `FlowState` class instead. + * See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details. + * * A label describing the kind of information tracked by a flow configuration. * * There are two standard labels "data" and "taint". @@ -295,7 +309,7 @@ private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNode gua * - "taint" additionally permits flow through transformations such as string operations, * and is the default flow source for a `TaintTracking::Configuration`. */ -abstract class FlowLabel extends string { +abstract deprecated class FlowLabel extends string { bindingset[this] FlowLabel() { any() } @@ -324,16 +338,16 @@ abstract class FlowLabel extends string { * * This is an alias of `FlowLabel`, so the two types can be used interchangeably. */ -class TaintKind = FlowLabel; +deprecated class TaintKind = FlowLabel; /** * A standard flow label, that is, either `FlowLabel::data()` or `FlowLabel::taint()`. */ -class StandardFlowLabel extends FlowLabel { +deprecated class StandardFlowLabel extends FlowLabel { StandardFlowLabel() { this = "data" or this = "taint" } } -module FlowLabel { +deprecated module FlowLabel { /** * Gets the standard flow label for describing values that directly originate from a flow source. */ 
@@ -346,6 +360,8 @@ module FlowLabel { FlowLabel taint() { result = "taint" } } +abstract private class BarrierGuardNodeInternal extends DataFlow::Node { } + /** * A node that can act as a barrier when appearing in a condition. * @@ -357,7 +373,7 @@ module FlowLabel { * classes as precise as possible: if two subclasses of `BarrierGuardNode` overlap, their * implementations of `blocks` will _both_ apply to any configuration that includes either of them. */ -abstract class BarrierGuardNode extends DataFlow::Node { +abstract deprecated class BarrierGuardNode extends BarrierGuardNodeInternal { /** * Holds if this node blocks expression `e` provided it evaluates to `outcome`. * 
@@ -371,31 +387,51 @@ abstract class BarrierGuardNode extends DataFlow::Node { predicate blocks(boolean outcome, Expr e, FlowLabel label) { none() } } +/** + * Barrier guards derived from other barrier guards. + */ +abstract deprecated private class DerivedBarrierGuardNode extends BarrierGuardNodeInternal { + abstract deprecated predicate appliesTo(Configuration cfg); + + /** + * Holds if this node blocks expression `e` from flow of type `label`, provided it evaluates to `outcome`. + * + * `label` is bound to the empty string if it blocks all flow labels. + */ + abstract predicate blocks(boolean outcome, Expr e, string label); +} + +/** + * Barrier guards derived from `AdditionalSanitizerGuard` + */ +deprecated private class BarrierGuardNodeFromAdditionalSanitizerGuard extends BarrierGuardNodeInternal instanceof TaintTracking::AdditionalSanitizerGuardNode +{ } + /** * Holds if data flow node `guard` acts as a barrier for data flow. * * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksExpr( - BarrierGuardNode guard, boolean outcome, Expr test, string label +deprecated private predicate barrierGuardBlocksExpr( + BarrierGuardNodeInternal guard, boolean outcome, Expr test, string label ) { - guard.blocks(outcome, test) and label = "" + guard.(BarrierGuardNode).blocks(outcome, test) and label = "" or - guard.blocks(outcome, test, label) + guard.(BarrierGuardNode).blocks(outcome, test, label) or - // Handle labelled barrier guard functions specially, to avoid negative recursion - // through the non-abstract 3-argument version of blocks(). 
- guard.(AdditionalBarrierGuardCall).internalBlocksLabel(outcome, test, label) + guard.(DerivedBarrierGuardNode).blocks(outcome, test, label) or - guard.(CallAgainstEqualityCheck).internalBlocksLabel(outcome, test, label) + guard.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(outcome, test) and label = "taint" + or + guard.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(outcome, test, label) } /** * Holds if `guard` may block the flow of a value reachable through exploratory flow. */ pragma[nomagic] -private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { +deprecated private predicate barrierGuardIsRelevant(BarrierGuardNodeInternal guard) { exists(Expr e | barrierGuardBlocksExpr(guard, _, e, _) and isRelevantForward(e.flow(), _) @@ -409,8 +445,8 @@ private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksAccessPath( - BarrierGuardNode guard, boolean outcome, AccessPath ap, string label +deprecated private predicate barrierGuardBlocksAccessPath( + BarrierGuardNodeInternal guard, boolean outcome, AccessPath ap, string label ) { barrierGuardIsRelevant(guard) and barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), label) @@ -422,8 +458,8 @@ private predicate barrierGuardBlocksAccessPath( * This predicate is outlined to give the optimizer a hint about the join ordering. */ pragma[nomagic] -private predicate barrierGuardBlocksSsaRefinement( - BarrierGuardNode guard, boolean outcome, SsaRefinementNode ref, string label +deprecated private predicate barrierGuardBlocksSsaRefinement( + BarrierGuardNodeInternal guard, boolean outcome, SsaRefinementNode ref, string label ) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = ref.getGuard().getTest() and 
@@ -438,8 +474,8 @@ private predicate barrierGuardBlocksSsaRefinement( * `outcome` is bound to the outcome of `cond` for join-ordering purposes. */ pragma[nomagic] -private predicate barrierGuardUsedInCondition( - BarrierGuardNode guard, ConditionGuardNode cond, boolean outcome +deprecated private predicate barrierGuardUsedInCondition( + BarrierGuardNodeInternal guard, ConditionGuardNode cond, boolean outcome ) { barrierGuardIsRelevant(guard) and outcome = cond.getOutcome() and @@ -457,7 +493,9 @@ private predicate barrierGuardUsedInCondition( * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node nd, string label) { +deprecated private predicate barrierGuardBlocksNode( + BarrierGuardNodeInternal guard, DataFlow::Node nd, string label +) { // 1) `nd` is a use of a refinement node that blocks its input variable exists(SsaRefinementNode ref, boolean outcome | nd = DataFlow::ssaDefinitionNode(ref) and @@ -480,8 +518,8 @@ private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksEdge( - BarrierGuardNode guard, DataFlow::Node pred, DataFlow::Node succ, string label +deprecated private predicate barrierGuardBlocksEdge( + BarrierGuardNodeInternal guard, DataFlow::Node pred, DataFlow::Node succ, string label ) { exists( SsaVariable input, SsaPhiNode phi, BasicBlock bb, ConditionGuardNode cond, boolean outcome 
@@ -501,7 +539,9 @@ private predicate barrierGuardBlocksEdge( * This predicate exists to get a better join-order for the `barrierGuardBlocksEdge` predicate above. */ pragma[noinline] -private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuardNode cond) { +deprecated private BasicBlock getADominatedBasicBlock( + BarrierGuardNodeInternal guard, ConditionGuardNode cond +) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = cond.getTest() and cond.dominates(result) @@ -513,11 +553,13 @@ private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuar * * Only holds for barriers that should apply to all flow labels. */ -private predicate isBarrierEdgeRaw(Configuration cfg, DataFlow::Node pred, DataFlow::Node succ) { +deprecated private predicate isBarrierEdgeRaw( + Configuration cfg, DataFlow::Node pred, DataFlow::Node succ +) { cfg.isBarrierEdge(pred, succ) or - exists(DataFlow::BarrierGuardNode guard | - cfg.isBarrierGuard(guard) and + exists(BarrierGuardNodeInternal guard | + isBarrierGuardInternal(cfg, guard) and barrierGuardBlocksEdge(guard, pred, succ, "") ) } @@ -529,7 +571,9 @@ private predicate isBarrierEdgeRaw(Configuration cfg, DataFlow::Node pred, DataF * Only holds for barriers that should apply to all flow labels. */ pragma[inline] -private predicate isBarrierEdge(Configuration cfg, DataFlow::Node pred, DataFlow::Node succ) { +deprecated private predicate isBarrierEdge( + Configuration cfg, DataFlow::Node pred, DataFlow::Node succ +) { isBarrierEdgeRaw(cfg, pred, succ) or cfg.isBarrierOut(pred) 
@@ -541,13 +585,13 @@ private predicate isBarrierEdge(Configuration cfg, DataFlow::Node pred, DataFlow * Holds if there is a labeled barrier edge `pred -> succ` in `cfg` either through an explicit barrier edge * or one implied by a barrier guard. */ -private predicate isLabeledBarrierEdgeRaw( +deprecated private predicate isLabeledBarrierEdgeRaw( Configuration cfg, DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel label ) { cfg.isBarrierEdge(pred, succ, label) or - exists(DataFlow::BarrierGuardNode guard | - cfg.isBarrierGuard(guard) and + exists(BarrierGuardNodeInternal guard | + isBarrierGuardInternal(cfg, guard) and barrierGuardBlocksEdge(guard, pred, succ, label) ) } @@ -557,7 +601,7 @@ private predicate isLabeledBarrierEdgeRaw( * or one implied by a barrier guard, or by an out/in barrier for `pred` or `succ`, respectively. */ pragma[inline] -private predicate isLabeledBarrierEdge( +deprecated private predicate isLabeledBarrierEdge( Configuration cfg, DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel label ) { isLabeledBarrierEdgeRaw(cfg, pred, succ, label) 
@@ -570,132 +614,10 @@ private predicate isLabeledBarrierEdge( /** * A guard node that only blocks specific labels. */ -abstract class LabeledBarrierGuardNode extends BarrierGuardNode { +abstract deprecated class LabeledBarrierGuardNode extends BarrierGuardNode { override predicate blocks(boolean outcome, Expr e) { none() } } -/** - * A data flow edge that should be added to all data flow configurations in - * addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalFlowStep` - * for analysis-specific flow steps. - */ -class SharedFlowStep extends Unit { - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - none() - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. 
- */ - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. - */ - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - none() - } -} - -/** - * Contains predicates for accessing the steps contributed by `SharedFlowStep` subclasses. - */ -cached -module SharedFlowStep { - cached - private module Internal { - // Forces this to be part of the `FlowSteps` stage. - // We use a public predicate in a private module to avoid warnings about this being unused. - cached - predicate forceStage() { Stages::FlowSteps::ref() } - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - cached - predicate step(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedFlowStep s).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - cached - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - cached - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { - any(SharedFlowStep s).storeStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - cached - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. 
- */ - cached - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStoreStep(pred, succ, prop) - } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. - */ - cached - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) - } -} - /** * A collection of pseudo-properties that are used in multiple files. * @@ -769,6 +691,12 @@ module PseudoProperties { bindingset[key] string mapValueKey(string key) { result = pseudoProperty("mapValue", key) } + /** + * Holds if `prop` equals `mapValueKey(key)` for some value of `key`. + */ + bindingset[prop] + predicate isMapValueKey(string prop) { prop.matches("$mapValue|%$") } + /** * Gets a pseudo-property for the location of a map value where the key is `key`. */ @@ -785,7 +713,7 @@ module PseudoProperties { * A data flow node that should be considered a source for some specific configuration, * in addition to any other sources that configuration may recognize. */ -abstract class AdditionalSource extends DataFlow::Node { +abstract deprecated class AdditionalSource extends DataFlow::Node { /** * Holds if this data flow node should be considered a source node for * configuration `cfg`. @@ -803,7 +731,7 @@ abstract class AdditionalSource extends DataFlow::Node { * A data flow node that should be considered a sink for some specific configuration, * in addition to any other sinks that configuration may recognize. */ -abstract class AdditionalSink extends DataFlow::Node { +abstract deprecated class AdditionalSink extends DataFlow::Node { /** * Holds if this data flow node should be considered a sink node for * configuration `cfg`. 
@@ -837,7 +765,7 @@ private class FlowStepThroughImport extends SharedFlowStep { * Summary steps through function calls are not taken into account. */ pragma[inline] -private predicate basicFlowStepNoBarrier( +deprecated private predicate basicFlowStepNoBarrier( DataFlow::Node pred, DataFlow::Node succ, PathSummary summary, DataFlow::Configuration cfg ) { // Local flow @@ -876,7 +804,7 @@ private predicate basicFlowStepNoBarrier( * and hence should only be used for purposes of approximation. */ pragma[noinline] -private predicate exploratoryFlowStep( +deprecated private predicate exploratoryFlowStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg ) { isRelevantForward(pred, cfg) and @@ -895,7 +823,7 @@ private predicate exploratoryFlowStep( /** * Holds if `nd` is a source node for configuration `cfg`. */ -private predicate isSource(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLabel lbl) { +deprecated private predicate isSource(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLabel lbl) { (cfg.isSource(nd) or nd.(AdditionalSource).isSourceFor(cfg)) and lbl = cfg.getDefaultSourceLabel() or @@ -907,7 +835,7 @@ private predicate isSource(DataFlow::Node nd, DataFlow::Configuration cfg, FlowL /** * Holds if `nd` is a sink node for configuration `cfg`. */ -private predicate isSink(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLabel lbl) { +deprecated private predicate isSink(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLabel lbl) { (cfg.isSink(nd) or nd.(AdditionalSink).isSinkFor(cfg)) and lbl = any(StandardFlowLabel f) or 
@@ -920,7 +848,7 @@ private predicate isSink(DataFlow::Node nd, DataFlow::Configuration cfg, FlowLab * Holds if there exists a load-step from `pred` to `succ` under configuration `cfg`, * and the forwards exploratory flow has found a relevant store-step with the same property as the load-step. */ -private predicate exploratoryLoadStep( +deprecated private predicate exploratoryLoadStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg ) { exists(string prop | prop = getAForwardRelevantLoadProperty(cfg) | @@ -937,7 +865,7 @@ private predicate exploratoryLoadStep( * This private predicate is only used in `exploratoryLoadStep`, and exists as a separate predicate to give the compiler a hint about join-ordering. */ pragma[noinline] -private string getAForwardRelevantLoadProperty(DataFlow::Configuration cfg) { +deprecated private string getAForwardRelevantLoadProperty(DataFlow::Configuration cfg) { exists(DataFlow::Node previous | isRelevantForward(previous, cfg) | basicStoreStep(previous, _, result) or isAdditionalStoreStep(previous, _, result, cfg) @@ -951,7 +879,7 @@ private string getAForwardRelevantLoadProperty(DataFlow::Configuration cfg) { * * The properties from this predicate are used as a white-list of properties for load/store steps that should always be considered in the exploratory flow. */ -private string getAPropertyUsedInLoadStore(DataFlow::Configuration cfg) { +deprecated private string getAPropertyUsedInLoadStore(DataFlow::Configuration cfg) { exists(string loadProp, string storeProp | isAdditionalLoadStoreStep(_, _, loadProp, storeProp, cfg) and storeProp != loadProp and 
@@ -964,7 +892,7 @@ private string getAPropertyUsedInLoadStore(DataFlow::Configuration cfg) { * and somewhere in the program there exists a load-step that could possibly read the stored value. */ pragma[noinline] -private predicate exploratoryForwardStoreStep( +deprecated private predicate exploratoryForwardStoreStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg ) { exists(string prop | @@ -982,7 +910,7 @@ private predicate exploratoryForwardStoreStep( * and `succ` has been found to be relevant during the backwards exploratory flow, * and the backwards exploratory flow has found a relevant load-step with the same property as the store-step. */ -private predicate exploratoryBackwardStoreStep( +deprecated private predicate exploratoryBackwardStoreStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg ) { exists(string prop | prop = getABackwardsRelevantStoreProperty(cfg) | @@ -998,7 +926,7 @@ private predicate exploratoryBackwardStoreStep( * This private predicate is only used in `exploratoryBackwardStoreStep`, and exists as a separate predicate to give the compiler a hint about join-ordering. */ pragma[noinline] -private string getABackwardsRelevantStoreProperty(DataFlow::Configuration cfg) { +deprecated private string getABackwardsRelevantStoreProperty(DataFlow::Configuration cfg) { exists(DataFlow::Node mid | isRelevant(mid, cfg) | basicLoadStep(mid, _, result) or isAdditionalLoadStep(mid, _, result, cfg) @@ -1012,7 +940,7 @@ private string getABackwardsRelevantStoreProperty(DataFlow::Configuration cfg) { * * No call/return matching is done, so this is a relatively coarse over-approximation. */ -private predicate isRelevantForward(DataFlow::Node nd, DataFlow::Configuration cfg) { +deprecated private predicate isRelevantForward(DataFlow::Node nd, DataFlow::Configuration cfg) { isSource(nd, cfg, _) and isLive() or exists(DataFlow::Node mid | 
@@ -1028,7 +956,7 @@ private predicate isRelevantForward(DataFlow::Node nd, DataFlow::Configuration c * * No call/return matching is done, so this is a relatively coarse over-approximation. */ -private predicate isRelevant(DataFlow::Node nd, DataFlow::Configuration cfg) { +deprecated private predicate isRelevant(DataFlow::Node nd, DataFlow::Configuration cfg) { isRelevantForward(nd, cfg) and isSink(nd, cfg, _) or exists(DataFlow::Node mid | isRelevant(mid, cfg) | isRelevantBackStep(mid, nd, cfg)) @@ -1037,7 +965,7 @@ private predicate isRelevant(DataFlow::Node nd, DataFlow::Configuration cfg) { /** * Holds if there is backwards data-flow step from `mid` to `nd` under `cfg`. */ -private predicate isRelevantBackStep( +deprecated private predicate isRelevantBackStep( DataFlow::Node mid, DataFlow::Node nd, DataFlow::Configuration cfg ) { exploratoryFlowStep(nd, mid, cfg) @@ -1051,7 +979,7 @@ private predicate isRelevantBackStep( * either `pred` is an argument of `f` and `succ` the corresponding parameter, or * `pred` is a variable definition whose value is captured by `f` at `succ`. */ -private predicate callInputStep( +deprecated private predicate callInputStep( Function f, DataFlow::Node invk, DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg ) { @@ -1081,7 +1009,7 @@ private predicate callInputStep( * into account. */ pragma[nomagic] -private predicate reachableFromInput( +deprecated private predicate reachableFromInput( Function f, DataFlow::Node invk, DataFlow::Node input, DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary ) { @@ -1100,7 +1028,7 @@ private predicate reachableFromInput( * to a path represented by `oldSummary` yielding a path represented by `newSummary`. */ pragma[noinline] -private predicate appendStep( +deprecated private predicate appendStep( DataFlow::Node pred, DataFlow::Configuration cfg, PathSummary oldSummary, DataFlow::Node succ, PathSummary newSummary ) { 
@@ -1116,7 +1044,7 @@ private predicate appendStep( * which is either an argument or a definition captured by the function, flows under * configuration `cfg`, possibly through callees. */ -private predicate flowThroughCall( +deprecated private predicate flowThroughCall( DataFlow::Node input, DataFlow::Node output, DataFlow::Configuration cfg, PathSummary summary ) { exists(Function f, DataFlow::FunctionReturnNode ret | @@ -1162,7 +1090,7 @@ private predicate flowThroughCall( * along a path summarized by `summary`. */ pragma[nomagic] -private predicate storeStep( +deprecated private predicate storeStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg, PathSummary summary ) { @@ -1200,7 +1128,7 @@ private predicate storeStep( /** * Gets a dataflow-node for the operand of the await-expression `await`. */ -private DataFlow::Node getAwaitOperand(DataFlow::Node await) { +deprecated private DataFlow::Node getAwaitOperand(DataFlow::Node await) { exists(AwaitExpr awaitExpr | result = awaitExpr.getOperand().getUnderlyingValue().flow() and await.asExpr() = awaitExpr @@ -1210,7 +1138,7 @@ private DataFlow::Node getAwaitOperand(DataFlow::Node await) { /** * Holds if property `prop` of `arg` is read inside a function and returned to the call `succ`. */ -private predicate parameterPropRead( +deprecated private predicate parameterPropRead( DataFlow::Node arg, string prop, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary summary ) { @@ -1222,7 +1150,7 @@ private predicate parameterPropRead( // all the non-recursive parts of parameterPropRead outlined into a precomputed predicate pragma[noinline] -private predicate parameterPropReadStep( +deprecated private predicate parameterPropReadStep( DataFlow::SourceNode parm, DataFlow::Node read, string prop, DataFlow::Configuration cfg, DataFlow::Node arg, DataFlow::Node invk, Function f, DataFlow::Node succ ) { 
@@ -1246,7 +1174,7 @@ private predicate parameterPropReadStep( * Holds if `read` may flow into a return statement of `f` under configuration `cfg` * (possibly through callees) along a path summarized by `summary`. */ -private predicate reachesReturn( +deprecated private predicate reachesReturn( Function f, DataFlow::Node read, DataFlow::Configuration cfg, PathSummary summary ) { isRelevant(read, cfg) and @@ -1264,7 +1192,7 @@ private predicate reachesReturn( // used in `getARelevantProp`, outlined for performance pragma[noinline] -private string getARelevantStoreProp(DataFlow::Configuration cfg) { +deprecated private string getARelevantStoreProp(DataFlow::Configuration cfg) { exists(DataFlow::Node previous | isRelevant(previous, cfg) | basicStoreStep(previous, _, result) or isAdditionalStoreStep(previous, _, result, cfg) @@ -1273,7 +1201,7 @@ private string getARelevantStoreProp(DataFlow::Configuration cfg) { // used in `getARelevantProp`, outlined for performance pragma[noinline] -private string getARelevantLoadProp(DataFlow::Configuration cfg) { +deprecated private string getARelevantLoadProp(DataFlow::Configuration cfg) { exists(DataFlow::Node previous | isRelevant(previous, cfg) | basicLoadStep(previous, _, result) or isAdditionalLoadStep(previous, _, result, cfg) @@ -1282,7 +1210,7 @@ private string getARelevantLoadProp(DataFlow::Configuration cfg) { /** Gets the name of a property that is both loaded and stored according to the exploratory analysis. */ pragma[noinline] -private string getARelevantProp(DataFlow::Configuration cfg) { +deprecated private string getARelevantProp(DataFlow::Configuration cfg) { result = getARelevantStoreProp(cfg) and result = getARelevantLoadProp(cfg) or 
@@ -1292,10 +1220,10 @@ private string getARelevantProp(DataFlow::Configuration cfg) { /** * Holds if the property `prop` of the object `pred` should be loaded into `succ`. */ -private predicate isAdditionalLoadStep( +deprecated private predicate isAdditionalLoadStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStep(pred, succ, prop) + LegacyFlowStep::loadStep(pred, succ, prop) or cfg.isAdditionalLoadStep(pred, succ, prop) } @@ -1303,10 +1231,10 @@ private predicate isAdditionalLoadStep( /** * Holds if `pred` should be stored in the object `succ` under the property `prop`. */ -private predicate isAdditionalStoreStep( +deprecated private predicate isAdditionalStoreStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::storeStep(pred, succ, prop) + LegacyFlowStep::storeStep(pred, succ, prop) or cfg.isAdditionalStoreStep(pred, succ, prop) } @@ -1314,17 +1242,17 @@ private predicate isAdditionalStoreStep( /** * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. */ -private predicate isAdditionalLoadStoreStep( +deprecated private predicate isAdditionalLoadStoreStep( DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp, storeProp) or loadProp = storeProp and ( - SharedFlowStep::loadStoreStep(pred, succ, loadProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp) ) 
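Review bot: In `isAdditionalLoadStoreStep` (hunk at -1314, and likewise `isAdditionalLoadStep` and `isAdditionalStoreStep` just above it) the library-contributed steps now come from `LegacyFlowStep::loadStoreStep` instead of `SharedFlowStep::loadStoreStep`, while the `cfg.isAdditionalLoadStoreStep` disjuncts are unchanged. Nothing in these lines says whether steps that existing code contributes through `SharedFlowStep` are still visible to a deprecated `DataFlow::Configuration`. If they are not, legacy queries lose property flow without any compile-time signal and report fewer results. Please state the relationship between the two step classes in the QLDoc of these predicates or in a change note.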
@@ -1334,7 +1262,7 @@ private predicate isAdditionalLoadStoreStep( * Holds if property `prop` of `pred` may flow into `succ` along a path summarized by * `summary`. */ -private predicate loadStep( +deprecated private predicate loadStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg, PathSummary summary ) { @@ -1356,7 +1284,7 @@ private predicate loadStep( * the flow that originally reached `base.startProp` used a call edge. */ pragma[noopt] -private predicate reachableFromStoreBase( +deprecated private predicate reachableFromStoreBase( string startProp, string endProp, DataFlow::Node base, DataFlow::Node nd, DataFlow::Configuration cfg, TPathSummary summary, boolean onlyRelevantInCall ) { @@ -1396,7 +1324,7 @@ private predicate reachableFromStoreBase( ) } -private boolean hasCall(PathSummary summary) { result = summary.hasCall() } +deprecated private boolean hasCall(PathSummary summary) { result = summary.hasCall() } /** * Holds if the value of `pred` is written to a property of some base object, and that base @@ -1406,7 +1334,7 @@ private boolean hasCall(PathSummary summary) { result = summary.hasCall() } * In other words, `pred` may flow to `succ` through a property. */ pragma[noinline] -private predicate flowThroughProperty( +deprecated private predicate flowThroughProperty( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary summary ) { exists(PathSummary oldSummary, PathSummary newSummary | @@ -1422,7 +1350,7 @@ private predicate flowThroughProperty( * by `oldSummary`. */ pragma[noinline] -private predicate storeToLoad( +deprecated private predicate storeToLoad( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary oldSummary, PathSummary newSummary ) { 
@@ -1444,7 +1372,7 @@ private predicate storeToLoad( * All of this is done under configuration `cfg`, and `arg` flows along a path * summarized by `summary`, while `cb` is only tracked locally. */ -private predicate summarizedHigherOrderCall( +deprecated private predicate summarizedHigherOrderCall( DataFlow::Node arg, DataFlow::Node cb, int i, DataFlow::Configuration cfg, PathSummary summary ) { exists( @@ -1474,7 +1402,7 @@ private predicate summarizedHigherOrderCall( * @see `summarizedHigherOrderCall`. */ pragma[noinline] -private predicate summarizedHigherOrderCallAux( +deprecated private predicate summarizedHigherOrderCallAux( Function f, DataFlow::Node arg, DataFlow::Node innerArg, DataFlow::Configuration cfg, PathSummary oldSummary, DataFlow::SourceNode cbParm, DataFlow::InvokeNode inner, int j, DataFlow::Node cb @@ -1512,7 +1440,7 @@ private predicate summarizedHigherOrderCallAux( * invocation of the callback. */ pragma[nomagic] -private predicate higherOrderCall( +deprecated private predicate higherOrderCall( DataFlow::Node arg, DataFlow::SourceNode callback, int i, DataFlow::Configuration cfg, PathSummary summary ) { @@ -1548,7 +1476,7 @@ private predicate higherOrderCall( * All of this is done under configuration `cfg`, and `arg` flows along a path * summarized by `summary`, while `cb` is only tracked locally. */ -private predicate flowIntoHigherOrderCall( +deprecated private predicate flowIntoHigherOrderCall( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration cfg, PathSummary summary ) { exists(DataFlow::FunctionNode cb, int i, PathSummary oldSummary | @@ -1571,7 +1499,7 @@ private predicate flowIntoHigherOrderCall( * Holds if there is a flow step from `pred` to `succ` described by `summary` * under configuration `cfg`. */ -private predicate flowStep( +deprecated private predicate flowStep( DataFlow::Node pred, DataFlow::Configuration cfg, DataFlow::Node succ, PathSummary summary ) { ( 
@@ -1599,7 +1527,7 @@ private predicate flowStep( * in zero or more steps. */ pragma[nomagic] -private predicate flowsTo( +deprecated private predicate flowsTo( PathNode flowsource, DataFlow::Node source, SinkPathNode flowsink, DataFlow::Node sink, DataFlow::Configuration cfg ) { @@ -1613,7 +1541,7 @@ private predicate flowsTo( * `summary`. */ pragma[nomagic] -private predicate reachableFromSource( +deprecated private predicate reachableFromSource( DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary ) { exists(FlowLabel lbl | @@ -1634,7 +1562,9 @@ private predicate reachableFromSource( * Holds if `nd` can be reached from a source under `cfg`, and in turn a sink is * reachable from `nd`, where the path from the source to `nd` is summarized by `summary`. */ -private predicate onPath(DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary) { +deprecated private predicate onPath( + DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary +) { reachableFromSource(nd, cfg, summary) and isSink(nd, cfg, summary.getEndLabel()) and not cfg.isBarrier(nd) and @@ -1653,7 +1583,7 @@ private predicate onPath(DataFlow::Node nd, DataFlow::Configuration cfg, PathSum * This predicate has been outlined from `onPath` to give the optimizer a hint about join-ordering. */ pragma[noinline] -private predicate onPathStep( +deprecated private predicate onPathStep( DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary, PathSummary stepSummary, DataFlow::Node mid ) { 
@@ -1665,26 +1595,30 @@ private predicate onPathStep( * Holds if there is a configuration that has at least one source and at least one sink. */ pragma[noinline] -private predicate isLive() { +deprecated private predicate isLive() { exists(DataFlow::Configuration cfg | isSource(_, cfg, _) and isSink(_, cfg, _)) } /** * A data flow node on an inter-procedural path from a source. */ -private newtype TPathNode = - MkSourceNode(DataFlow::Node nd, DataFlow::Configuration cfg) { isSourceNode(nd, cfg, _) } or - MkMidNode(DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary) { +deprecated private newtype TPathNode = + deprecated MkSourceNode(DataFlow::Node nd, DataFlow::Configuration cfg) { + isSourceNode(nd, cfg, _) + } or + deprecated MkMidNode(DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary) { isLive() and onPath(nd, cfg, summary) } or - MkSinkNode(DataFlow::Node nd, DataFlow::Configuration cfg) { isSinkNode(nd, cfg, _) } + deprecated MkSinkNode(DataFlow::Node nd, DataFlow::Configuration cfg) { isSinkNode(nd, cfg, _) } /** * Holds if `nd` is a source node for configuration `cfg`, and there is a path from `nd` to a sink * with the given `summary`. */ -private predicate isSourceNode(DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary) { +deprecated private predicate isSourceNode( + DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary +) { exists(FlowLabel lbl | summary = PathSummary::level(lbl) | isSource(nd, cfg, lbl) and isLive() and 
@@ -1696,7 +1630,9 @@ private predicate isSourceNode(DataFlow::Node nd, DataFlow::Configuration cfg, P * Holds if `nd` is a sink node for configuration `cfg`, and there is a path from a source to `nd` * with the given `summary`. */ -private predicate isSinkNode(DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary) { +deprecated private predicate isSinkNode( + DataFlow::Node nd, DataFlow::Configuration cfg, PathSummary summary +) { isSink(nd, cfg, summary.getEndLabel()) and isLive() and onPath(nd, cfg, summary) @@ -1709,7 +1645,9 @@ private predicate isSinkNode(DataFlow::Node nd, DataFlow::Configuration cfg, Pat * from computing a cross-product of all path nodes belonging to the same configuration. */ bindingset[cfg, result] -private DataFlow::Configuration id(DataFlow::Configuration cfg) { result >= cfg and cfg >= result } +deprecated private DataFlow::Configuration id(DataFlow::Configuration cfg) { + result >= cfg and cfg >= result +} /** * A data-flow node on an inter-procedural path from a source to a sink. @@ -1727,7 +1665,7 @@ private DataFlow::Configuration id(DataFlow::Configuration cfg) { result >= cfg * some source to the node with the given summary that can be extended to a path to some sink node, * all under the configuration. */ -class PathNode extends TPathNode { +deprecated class PathNode extends TPathNode { DataFlow::Node nd; Configuration cfg; @@ -1783,7 +1721,7 @@ class PathNode extends TPathNode { } /** Gets the mid node corresponding to `src`. */ -private MidPathNode initialMidNode(SourcePathNode src) { +deprecated private MidPathNode initialMidNode(SourcePathNode src) { exists(DataFlow::Node nd, Configuration cfg, PathSummary summary | result.wraps(nd, cfg, summary) and src = MkSourceNode(nd, cfg) and 
@@ -1792,7 +1730,7 @@ private MidPathNode initialMidNode(SourcePathNode src) { } /** Gets the mid node corresponding to `snk`. */ -private MidPathNode finalMidNode(SinkPathNode snk) { +deprecated private MidPathNode finalMidNode(SinkPathNode snk) { exists(DataFlow::Node nd, Configuration cfg, PathSummary summary | result.wraps(nd, cfg, summary) and snk = MkSinkNode(nd, cfg) and @@ -1807,7 +1745,7 @@ private MidPathNode finalMidNode(SinkPathNode snk) { * This helper predicate exists to clarify the intended join order in `getASuccessor` below. */ pragma[noinline] -private predicate midNodeStep( +deprecated private predicate midNodeStep( PathNode nd, DataFlow::Node predNd, Configuration cfg, PathSummary summary, DataFlow::Node succNd, PathSummary newSummary ) { @@ -1818,7 +1756,7 @@ private predicate midNodeStep( /** * Gets a node to which data from `nd` may flow in one step. */ -private PathNode getASuccessor(PathNode nd) { +deprecated private PathNode getASuccessor(PathNode nd) { // source node to mid node result = initialMidNode(nd) or @@ -1832,7 +1770,7 @@ private PathNode getASuccessor(PathNode nd) { nd = finalMidNode(result) } -private PathNode getASuccessorIfHidden(PathNode nd) { +deprecated private PathNode getASuccessorIfHidden(PathNode nd) { nd.(MidPathNode).isHidden() and result = getASuccessor(nd) } @@ -1844,7 +1782,7 @@ private PathNode getASuccessorIfHidden(PathNode nd) { * is a configuration such that `nd` is on a path from a source to a sink under `cfg` * summarized by `summary`. */ -class MidPathNode extends PathNode, MkMidNode { +deprecated class MidPathNode extends PathNode, MkMidNode { PathSummary summary; MidPathNode() { this = MkMidNode(nd, cfg, summary) } 
@@ -1858,50 +1796,27 @@ class MidPathNode extends PathNode, MkMidNode { * Holds if this node is hidden from paths in path explanation queries, except * in cases where it is the source or sink. */ - predicate isHidden() { - // Skip phi, refinement, and capture nodes - nd.(DataFlow::SsaDefinitionNode).getSsaVariable().getDefinition() instanceof - SsaImplicitDefinition - or - // Skip SSA definition of parameter as its location coincides with the parameter node - nd = DataFlow::ssaDefinitionNode(Ssa::definition(any(SimpleParameter p))) - or - // Skip to the top of big left-leaning string concatenation trees. - nd = any(AddExpr add).flow() and - nd = any(AddExpr add).getAnOperand().flow() - or - // Skip the exceptional return on functions, as this highlights the entire function. - nd = any(DataFlow::FunctionNode f).getExceptionalReturn() - or - // Skip the special return node for functions, as this highlights the entire function (and the returned expr is the previous node). - nd = any(DataFlow::FunctionNode f).getReturnNode() - or - // Skip the synthetic 'this' node, as a ThisExpr will be the next node anyway - nd = DataFlow::thisNode(_) - or - // Skip captured variable nodes as the successor will be a use of that variable anyway. - nd = DataFlow::capturedVariableNode(_) - } + predicate isHidden() { DataFlowPrivate::nodeIsHidden(nd) } } /** * A path node corresponding to a flow source. */ -class SourcePathNode extends PathNode, MkSourceNode { +deprecated class SourcePathNode extends PathNode, MkSourceNode { SourcePathNode() { this = MkSourceNode(nd, cfg) } } /** * A path node corresponding to a flow sink. */ -class SinkPathNode extends PathNode, MkSinkNode { +deprecated class SinkPathNode extends PathNode, MkSinkNode { SinkPathNode() { this = MkSinkNode(nd, cfg) } } /** * Provides the query predicates needed to include a graph in a path-problem query. 
*/ -module PathGraph { +deprecated module PathGraph { /** Holds if `nd` is a node in the graph of data flow path explanations. */ query predicate nodes(PathNode nd) { not nd.(MidPathNode).isHidden() } @@ -1955,7 +1870,7 @@ module PathGraph { /** * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalAndParent(BarrierGuardNode guard) { +deprecated private Expr getALogicalAndParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) @@ -1966,7 +1881,7 @@ private Expr getALogicalAndParent(BarrierGuardNode guard) { /** * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalOrParent(BarrierGuardNode guard) { +deprecated private Expr getALogicalOrParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) @@ -1982,16 +1897,16 @@ private Expr getALogicalOrParent(BarrierGuardNode guard) { * of the standard library. Override `Configuration::isBarrierGuard` * for analysis-specific barrier guards. */ -abstract class AdditionalBarrierGuardNode extends BarrierGuardNode { +abstract deprecated class AdditionalBarrierGuardNode extends BarrierGuardNode { abstract predicate appliesTo(Configuration cfg); } /** * A function that returns the result of a barrier guard. */ -private class BarrierGuardFunction extends Function { +deprecated private class BarrierGuardFunction extends Function { DataFlow::ParameterNode sanitizedParameter; - BarrierGuardNode guard; + BarrierGuardNodeInternal guard; boolean guardOutcome; string label; int paramIndex; 
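Review bot: `MidPathNode.isHidden()` (hunk at -1858) drops its seven inline cases (implicit SSA definitions, parameter SSA definitions, nested string concatenations, the exceptional return node, the return node, the synthetic `this` node, captured variable nodes) in favour of `DataFlowPrivate::nodeIsHidden(nd)`. `PathGraph::nodes` filters on `not nd.(MidPathNode).isHidden()`, so any difference between the two sets changes the path explanations that deprecated path-problem queries display. Please confirm that `nodeIsHidden` covers the removed cases, or record the difference in a change note.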
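Review bot: `AdditionalBarrierGuardNode` (hunk at -1982) becomes `abstract deprecated`, but its QLDoc is unchanged and still directs readers to override `Configuration::isBarrierGuard`, with no word on what replaces the class. Add a `DEPRECATED:` line to the comment naming the replacement, so that authors of custom barrier guards know where to move them.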
@@ -2035,23 +1950,20 @@ private class BarrierGuardFunction extends Function { ) } - /** - * Holds if this function applies to the flow in `cfg`. - */ predicate appliesTo(Configuration cfg) { isBarrierGuardInternal(cfg, guard) } } /** * A call that sanitizes an argument. */ -private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, DataFlow::CallNode { +deprecated private class AdditionalBarrierGuardCall extends DerivedBarrierGuardNode, + DataFlow::CallNode +{ BarrierGuardFunction f; AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } - override predicate blocks(boolean outcome, Expr e) { f.isBarrierCall(this, e, outcome, "") } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocks(boolean outcome, Expr e, string label) { f.isBarrierCall(this, e, outcome, label) } @@ -2067,8 +1979,8 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat * } * ``` */ -private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { - DataFlow::BarrierGuardNode prev; +deprecated private class CallAgainstEqualityCheck extends DerivedBarrierGuardNode { + BarrierGuardNodeInternal prev; boolean polarity; CallAgainstEqualityCheck() { @@ -2080,11 +1992,7 @@ private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { ) } - override predicate blocks(boolean outcome, Expr e) { - none() // handled by internalBlocksLabel - } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocks(boolean outcome, Expr e, string lbl) { exists(boolean prevOutcome | barrierGuardBlocksExpr(prev, prevOutcome, e, lbl) and outcome = prevOutcome.booleanXor(polarity) 
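Review bot: In `CallAgainstEqualityCheck` (hunk at -2080) the label parameter of `blocks` is now a bare `string lbl`, where `internalBlocksLabel` took a `DataFlow::FlowLabel`, and the two-argument `blocks` is gone. The earlier hunk for `AdditionalBarrierGuardCall` shows that the two-argument form used to pass `""` as the label, so the empty string carries a meaning that is no longer written down anywhere in these lines. Add QLDoc on the three-argument `blocks`, here or on `DerivedBarrierGuardNode`, saying which label values it accepts and what `""` means.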
@@ -2094,25 +2002,10 @@ private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { override predicate appliesTo(Configuration cfg) { isBarrierGuardInternal(cfg, prev) } } -/** - * A guard node for a variable in a negative condition, such as `x` in `if(!x)`. - * Can be added to a `isBarrier` in a data-flow configuration to block flow through such checks. - */ -class VarAccessBarrier extends DataFlow::Node { - VarAccessBarrier() { - exists(ConditionGuardNode guard, SsaRefinementNode refinement | - this = DataFlow::ssaDefinitionNode(refinement) and - refinement.getGuard() = guard and - guard.getTest() instanceof VarAccess and - guard.getOutcome() = false - ) - } -} - /** * Holds if there is a path without unmatched return steps from `source` to `sink`. */ -predicate hasPathWithoutUnmatchedReturn(SourcePathNode source, SinkPathNode sink) { +deprecated predicate hasPathWithoutUnmatchedReturn(SourcePathNode source, SinkPathNode sink) { exists(MidPathNode mid | source.getASuccessor*() = mid and sink = mid.getASuccessor() and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 79fede61b8f..f86d8806304 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -25,6 +25,8 @@ private import internal.DataFlowNode private import internal.AnalyzedParameters private import internal.PreCallGraphStep private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import semmle.javascript.dataflow.internal.VariableOrThis module DataFlow { /** 
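Review bot: `VarAccessBarrier` is deleted outright in the hunk at -2094 (above the `DataFlow.qll` file header), while the other public declarations touched in that file (`PathNode`, `PathGraph`, `hasPathWithoutUnmatchedReturn`) are only marked `deprecated`. Its QLDoc invited use in `isBarrier`, so custom queries that reference it stop compiling after this change. Either keep it as `deprecated` for a transition period or, if it has moved, say where in a change note.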
@@ -182,29 +184,8 @@ module DataFlow { */ cached DataFlow::Node getImmediatePredecessor() { - lvalueFlowStep(result, this) and - not lvalueDefaultFlowStep(_, this) - or immediateFlowStep(result, this) or - // Refinement of variable -> original definition of variable - exists(SsaRefinementNode refinement | - this = TSsaDefNode(refinement) and - result = TSsaDefNode(refinement.getAnInput()) - ) - or - exists(SsaPhiNode phi | - this = TSsaDefNode(phi) and - result = TSsaDefNode(phi.getRephinedVariable()) - ) - or - // IIFE call -> return value of IIFE - exists(Function fun | - localCall(this.asExpr(), fun) and - result = unique(Expr ret | ret = fun.getAReturnedExpr()).flow() and - not fun.getExit().isJoin() // can only reach exit by the return statement - ) - or FlowSteps::identityFunctionStep(result, this) } @@ -271,6 +252,11 @@ module DataFlow { or this.getFallbackTypeAnnotation().getAnUnderlyingType().hasQualifiedName(moduleName, typeName) } + + /** + * Gets the post-update node corresponding to this node, if any. + */ + final PostUpdateNode getPostUpdateNode() { result.getPreUpdateNode() = this } } /** @@ -744,9 +730,7 @@ module DataFlow { private class ParameterFieldAsPropWrite extends PropWrite, PropNode { override ParameterField prop; - override Node getBase() { - thisNode(result, prop.getDeclaringClass().getConstructor().getBody()) - } + override Node getBase() { result = TImplicitThisUse(prop, false) } override Expr getPropertyNameExpr() { none() // The parameter value is not the name of the field 
@@ -754,16 +738,11 @@ module DataFlow { override string getPropertyName() { result = prop.getName() } - override Node getRhs() { - exists(Parameter param, Node paramNode | - param = prop.getParameter() and - parameterNode(paramNode, param) - | - result = paramNode - ) - } + override Node getRhs() { result = TValueNode(prop.getParameter()) } override ControlFlowNode getWriteNode() { result = prop.getParameter() } + + override StmtContainer getContainer() { parameter_fields(prop, result, _) } } /** @@ -778,9 +757,7 @@ module DataFlow { exists(prop.getInit()) } - override Node getBase() { - thisNode(result, prop.getDeclaringClass().getConstructor().getBody()) - } + override Node getBase() { result = TImplicitThisUse(prop, false) } override Expr getPropertyNameExpr() { result = prop.getNameExpr() } @@ -971,6 +948,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this exceptional return node. */ @@ -993,6 +976,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this return node. */ 
@@ -1052,6 +1041,41 @@ module DataFlow { override string toString() { result = "global access path" } } + /** + * A node representing the value passed as `this` argument in a `new` call. + */ + class NewCallThisArgumentNode extends TNewCallThisArgument, DataFlow::Node { + private NewExpr expr; + + NewCallThisArgumentNode() { this = TNewCallThisArgument(expr) } + + override string toString() { result = "implicit 'this' argument of " + expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override Location getLocation() { result = expr.getLocation() } + } + + /** + * A node representing an implicit use of `this` or its post-update node. + */ + private class ImplicitThisUseNode extends TImplicitThisUse, DataFlow::Node { + private ImplicitThisUse use; + private boolean isPost; + + ImplicitThisUseNode() { this = TImplicitThisUse(use, isPost) } + + override string toString() { + if isPost = false + then result = "implicit 'this'" + else result = "[post-update] implicit 'this'" + } + + override StmtContainer getContainer() { result = use.getUseContainer() } + + override Location getLocation() { result = use.getLocation() } + } + /** * INTERNAL. DO NOT USE. * @@ -1076,6 +1100,14 @@ module DataFlow { * instead. */ module Impl { + /** + * INTERNAL. DO NOT USE. + * + * An alias for `Node.getImmediatePredecessor` that can be used at an earlier stage + * that does not depend on `DataFlow::Node`. + */ + predicate earlyStageImmediateFlowStep = immediateFlowStep/2; + /** * A data flow node representing a function invocation, either explicitly or reflectively, * and either with or without `new`. 
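Review bot: The QLDoc on `earlyStageImmediateFlowStep` (hunk at -1076) calls it an alias for `Node.getImmediatePredecessor`, but it is bound to `immediateFlowStep/2` only, whereas `getImmediatePredecessor` is `immediateFlowStep(result, this) or FlowSteps::identityFunctionStep(result, this)`. The argument order also differs: this predicate is `(pred, succ)`, while `getImmediatePredecessor` returns the predecessor of `this`. Reword the comment to say it covers the `immediateFlowStep` part only, and name the two parameters.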
@@ -1342,6 +1374,61 @@ module DataFlow { override Location getLocation() { result = this.getTag().getLocation() } override string toString() { result = this.getTag().toString() } + + override StmtContainer getContainer() { result = this.getTag().getInnerTopLevel() } + } + + /** + * A node representing the hidden parameter of a function by which a function can refer to itself. + */ + class FunctionSelfReferenceNode extends DataFlow::Node, TFunctionSelfReferenceNode { + private Function function; + + FunctionSelfReferenceNode() { this = TFunctionSelfReferenceNode(function) } + + /** Gets the function. */ + Function getFunction() { result = function } + + override StmtContainer getContainer() { result = function } + + override BasicBlock getBasicBlock() { result = function.getEntryBB() } + + override string toString() { result = "[function self-reference] " + function.toString() } + + override Location getLocation() { result = function.getLocation() } + } + + /** + * A post-update node whose pre-node corresponds to an expression. See `DataFlow::PostUpdateNode` for more details. + */ + class ExprPostUpdateNode extends DataFlow::Node, TExprPostUpdateNode, Private::PostUpdateNode { + private AST::ValueNode expr; + + ExprPostUpdateNode() { this = TExprPostUpdateNode(expr) } + + /** Gets the expression for which this is the post-update node. */ + AST::ValueNode getExpr() { result = expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override Location getLocation() { result = expr.getLocation() } + + override string toString() { result = "[post update] " + expr.toString() } + } + + /** + * A post-update node. + * + * This is a data-flow node that represents the new state of an object after its contents have been mutated. + * Most notably such nodes exist for arguments to a call and for the base of a property reference. 
+ */ + class PostUpdateNode extends DataFlow::Node { + PostUpdateNode() { Private::postUpdatePair(_, this) } + + /** + * Gets the corresponding pre-update node, which is usually the argument to a call or the base of a property reference. + */ + final DataFlow::Node getPreUpdateNode() { Private::postUpdatePair(result, this) } } /** @@ -1374,12 +1461,12 @@ module DataFlow { /** * INTERNAL: Use `parameterNode(Parameter)` instead. */ - predicate parameterNode(DataFlow::Node nd, Parameter p) { nd = valueNode(p) } + predicate parameterNode(EarlyStageNode nd, Parameter p) { nd = TValueNode(p) } /** * INTERNAL: Use `thisNode(StmtContainer container)` instead. */ - predicate thisNode(DataFlow::Node node, StmtContainer container) { node = TThisNode(container) } + predicate thisNode(EarlyStageNode node, StmtContainer container) { node = TThisNode(container) } /** * Gets the node representing the receiver of the given function, or `this` in the given top-level. @@ -1441,7 +1528,15 @@ module DataFlow { * _before_ the l-value is assigned to, whereas `DataFlow::lvalueNode()` * represents the value _after_ the assignment. */ - Node lvalueNode(BindingPattern lvalue) { + Node lvalueNode(BindingPattern lvalue) { result = lvalueNodeInternal(lvalue) } + + /** + * INTERNAL: Do not use outside standard library. + * + * Same as `lvalueNode()` except the return type is `EarlyStageNode`, which allows it to be used + * before all data flow nodes have been materialised. + */ + EarlyStageNode lvalueNodeInternal(BindingPattern lvalue) { exists(SsaExplicitDefinition ssa | ssa.defines(lvalue.(LValue).getDefNode(), lvalue.(VarRef).getVariable()) and result = TSsaDefNode(ssa) 
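Review bot: `ExprPostUpdateNode.toString()` (hunk at -1342) produces `"[post update] "` with a space, while `ImplicitThisUseNode.toString()` added earlier in this patch produces `"[post-update] implicit 'this'"` with a hyphen. Pick one spelling so that the two kinds of post-update node render consistently.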
@@ -1489,31 +1584,31 @@ module DataFlow { * Holds if there is a step from `pred -> succ` due to an assignment * to an expression in l-value position. */ - private predicate lvalueFlowStep(Node pred, Node succ) { + private predicate lvalueFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(VarDef def | - pred = valueNode(defSourceNode(def)) and - succ = lvalueNode(def.getTarget()) + pred = TValueNode(defSourceNode(def)) and + succ = lvalueNodeInternal(def.getTarget()) ) or exists(SimpleParameter param | - pred = valueNode(param) and // The value node represents the incoming argument - succ = lvalueNode(param) // The SSA node represents the parameters's local variable + pred = TValueNode(param) and // The value node represents the incoming argument + succ = lvalueNodeInternal(param) // The SSA node represents the parameters's local variable ) or exists(Expr arg, Parameter param | localArgumentPassing(arg, param) and - pred = valueNode(arg) and - succ = valueNode(param) + pred = TValueNode(arg) and + succ = TValueNode(param) ) or exists(PropertyPattern pattern | pred = TPropNode(pattern) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(Expr element | pred = TElementPatternNode(_, element) and - succ = lvalueNode(element) + succ = lvalueNodeInternal(element) ) } 
@@ -1521,37 +1616,37 @@ module DataFlow { * Holds if there is a step from `pred -> succ` from the default * value of a destructuring pattern or parameter. */ - private predicate lvalueDefaultFlowStep(Node pred, Node succ) { + private predicate lvalueDefaultFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(PropertyPattern pattern | pred = TValueNode(pattern.getDefault()) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(ArrayPattern array, int i | pred = TValueNode(array.getDefault(i)) and - succ = lvalueNode(array.getElement(i)) + succ = lvalueNodeInternal(array.getElement(i)) ) or exists(Parameter param | pred = TValueNode(param.getDefault()) and - parameterNode(succ, param) + succ = TValueNode(param) ) } /** - * Flow steps shared between `getImmediatePredecessor` and `localFlowStep`. + * Flow steps shared between `immediateFlowStep` and `localFlowStep`. * * Inlining is forced because the two relations are indexed differently. */ pragma[inline] - private predicate immediateFlowStep(Node pred, Node succ) { + private predicate immediateFlowStepShared(EarlyStageNode pred, EarlyStageNode succ) { exists(SsaVariable v | pred = TSsaDefNode(v.getDefinition()) and - succ = valueNode(v.getAUse()) + succ = TValueNode(v.getAUse()) ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(ParExpr).getExpression() or 
@@ -1581,25 +1676,61 @@ module DataFlow { // flow from 'this' parameter into 'this' expressions exists(ThisExpr thiz | pred = TThisNode(thiz.getBindingContainer()) and - succ = valueNode(thiz) + succ = TValueNode(thiz) ) or // `f.call(...)` and `f.apply(...)` evaluate to the result of the reflective call they perform - pred = TReflectiveCallNode(succ.asExpr(), _) + exists(MethodCallExpr call | + pred = TReflectiveCallNode(call, _) and + succ = TValueNode(call) + ) + or + // Pass 'this' into implicit uses of 'this' + exists(ImplicitThisUse use | + pred = TThisNode(use.getBindingContainer()) and + succ = TImplicitThisUse(use, false) + ) + } + + pragma[nomagic] + private predicate immediateFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + lvalueFlowStep(pred, succ) and + not lvalueDefaultFlowStep(_, succ) + or + immediateFlowStepShared(pred, succ) + or + // Refinement of variable -> original definition of variable + exists(SsaRefinementNode refinement | + succ = TSsaDefNode(refinement) and + pred = TSsaDefNode(refinement.getAnInput()) + ) + or + exists(SsaPhiNode phi | + succ = TSsaDefNode(phi) and + pred = TSsaDefNode(phi.getRephinedVariable()) + ) + or + // IIFE call -> return value of IIFE + exists(Function fun, Expr expr | + succ = TValueNode(expr) and + localCall(expr, fun) and + pred = TValueNode(unique(Expr ret | ret = fun.getAReturnedExpr())) and + not fun.getExit().isJoin() // can only reach exit by the return statement + ) } /** * Holds if data can flow from `pred` to `succ` in one local step. 
*/ cached - predicate localFlowStep(Node pred, Node succ) { - Stages::DataFlowStage::ref() and + predicate localFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + Stages::EarlyDataFlowStage::ref() and // flow from RHS into LHS lvalueFlowStep(pred, succ) or lvalueDefaultFlowStep(pred, succ) or - immediateFlowStep(pred, succ) + immediateFlowStepShared(pred, succ) or // From an assignment or implicit initialization of a captured variable to its flow-insensitive node. exists(SsaDefinition predDef | @@ -1623,7 +1754,7 @@ module DataFlow { ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(LogicalOrExpr).getAnOperand() or @@ -1641,18 +1772,17 @@ module DataFlow { or // from returned expr to the FunctionReturnNode. exists(Function f | not f.isAsyncOrGenerator() | - DataFlow::functionReturnNode(succ, f) and pred = valueNode(f.getAReturnedExpr()) + succ = TFunctionReturnNode(f) and pred = TValueNode(f.getAReturnedExpr()) ) or // from a reflective params node to a reference to the arguments object. - exists(DataFlow::ReflectiveParametersNode params, Function f | f = params.getFunction() | - succ = f.getArgumentsVariable().getAnAccess().flow() and - pred = params + exists(Function f | + pred = TReflectiveParametersNode(f) and + succ = TValueNode(f.getArgumentsVariable().getAnAccess()) ) } - /** A load step from a reflective parameter node to each parameter. */ - private class ReflectiveParamsStep extends PreCallGraphStep { + private class ReflectiveParamsStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::ReflectiveParametersNode params, DataFlow::FunctionNode f, int i | f.getFunction() = params.getFunction() and 
@@ -1664,7 +1794,7 @@ module DataFlow { } /** A taint step from the reflective parameters node to any parameter. */ - private class ReflectiveParamsTaintStep extends TaintTracking::SharedTaintStep { + private class ReflectiveParamsTaintStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node obj, DataFlow::Node element) { exists(DataFlow::ReflectiveParametersNode params, DataFlow::FunctionNode f | f.getFunction() = params.getFunction() and @@ -1799,7 +1929,11 @@ module DataFlow { import Nodes import Sources import TypeInference - import Configuration + deprecated import Configuration import TypeTracking + import AdditionalFlowSteps import internal.FunctionWrapperSteps + import internal.sharedlib.DataFlow + import internal.BarrierGuards + import FlowSummary } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll new file mode 100644 index 00000000000..c4a6e12b210 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll 
@@ -0,0 +1,83 @@ +/** Provides classes and predicates for defining flow summaries. */ + +private import javascript +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as Impl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * A model for a function that can propagate data flow. + * + * This class makes it possible to model flow through functions, using the same mechanism as + * `summaryModel` as described in the [library customization docs](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript). + * + * Extend this class to define summary models directly in CodeQL. + * Data extensions and `summaryModel` are usually preferred; but there are a few cases where direct use of this class may be needed: + * + * - The relevant call sites cannot be matched by the access path syntax, and require the full power of CodeQL. + * For example, complex overloading patterns might require more local reasoning at the call site. + * - The input/output behaviour cannot be described statically in the access path syntax, but the relevant access paths + * can be generated dynamically in CodeQL, based on the usages found in the codebase. + * + * Subclasses should bind `this` to a unique identifier for the function being modelled. There is no special + * interpreation of the `this` value, it should just not clash with the `this`-value used by other classes. 
+ * + * For example, this models flow through calls such as `require("my-library").myFunction()`: + * ```codeql + * class MyFunction extends SummarizedCallable { + * MyFunction() { this = "MyFunction" } + * + * override predicate propagatesFlow(string input, string output, boolean preservesValues) { + * input = "Argument[0]" and + * output = "ReturnValue" and + * preservesValue = false + * } + * + * override DataFlow::InvokeNode getACall() { + * result = API::moduleImport("my-library").getMember("myFunction").getACall() + * } + * } + * ``` + * This would be equivalent to the following model written as a data extension: + * ```yaml + * extensions: + * - addsTo: + * pack: codeql/javascript-all + * extensible: summaryModel + * data: + * - ["my-library", "Member[myFunction]", "Argument[0]", "ReturnValue", "taint"] + * ``` + */ +abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { + bindingset[this] + SummarizedCallable() { any() } + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + * + * See the [library customization docs](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript) for + * the syntax of the `input` and `output` parameters. + */ + pragma[nomagic] + predicate propagatesFlow(string input, string output, boolean preservesValue) { none() } + + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + this.propagatesFlow(input, output, preservesValue) and model = this + } + + /** + * Gets the synthesized parameter that results from an input specification + * that starts with `Argument[s]` for this library callable. 
+ */ + DataFlow::ParameterNode getParameter(string s) { + exists(ParameterPosition pos | + DataFlowImplCommon::parameterNode(result, MkLibraryCallable(this), pos) and + s = encodeParameterPosition(pos) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/ForwardExploration.qll b/javascript/ql/lib/semmle/javascript/dataflow/ForwardExploration.qll index 44667581eab..9b9fe218f09 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/ForwardExploration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/ForwardExploration.qll @@ -1,5 +1,6 @@ /** * Alias for the library `semmle.javascript.explore.ForwardDataFlow`. */ +deprecated module; import semmle.javascript.explore.ForwardDataFlow diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll index 8a7d2d11b91..762fc45333f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll @@ -1611,7 +1611,12 @@ class RegExpConstructorInvokeNode extends DataFlow::InvokeNode { * Gets the AST of the regular expression created here, provided that the * first argument is a string literal. */ - RegExpTerm getRoot() { result = this.getArgument(0).asExpr().(StringLiteral).asRegExp() } + RegExpTerm getRoot() { + result = this.getArgument(0).asExpr().(StringLiteral).asRegExp() + or + // In case someone writes `new RegExp(/foo/)` for some reason + result = this.getArgument(0).asExpr().(RegExpLiteral).getRoot() + } /** * Gets the flags provided in the second argument, or an empty string if no 
@@ -1703,3 +1708,18 @@ class RegExpCreationNode extends DataFlow::SourceNode { result = this.getAReference(DataFlow::TypeTracker::end()) } } + +/** + * A guard node for a variable in a negative condition, such as `x` in `if(!x)`. + * Can be added to a `isBarrier` in a data-flow configuration to block flow through such checks. + */ +class VarAccessBarrier extends DataFlow::Node { + VarAccessBarrier() { + exists(ConditionGuardNode guard, SsaRefinementNode refinement | + this = DataFlow::ssaDefinitionNode(refinement) and + refinement.getGuard() = guard and + guard.getTest() instanceof VarAccess and + guard.getOutcome() = false + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 6b6fc9c4b07..237c7c45dd6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -8,9 +8,6 @@ * substrings. As for data flow configurations, additional flow edges can be * specified, and conversely certain nodes or edges can be designated as taint * _sanitizers_ that block flow. - * - * NOTE: The API of this library is not stable yet and may change in - * the future. */ import javascript 
@@ -18,19 +15,29 @@ private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.Unit private import semmle.javascript.dataflow.InferredTypes private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate /** * Provides classes for modeling taint propagation. */ module TaintTracking { + import AdditionalTaintSteps + /** + * DEPRECATED. + * Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface. + * See the [migration guide](https://codeql.github.com/docs/codeql-language-guides/migrating-javascript-dataflow-queries) for more details. + * + * When migrating a `TaintTracking::Configuration` to `DataFlow::ConfigSig`, use `TaintTracking::Global<...>` instead of `DataFlow::Global<...>`. + * + * #### Legacy documentation * A data flow tracking configuration that considers taint propagation through * objects, arrays, promises and strings in addition to standard data flow. * * If a different set of flow edges is desired, extend this class and override * `isAdditionalTaintStep`. */ - abstract class Configuration extends DataFlow::Configuration { + abstract deprecated class Configuration extends DataFlow::Configuration { bindingset[this] Configuration() { any() } 
@@ -171,20 +178,88 @@ module TaintTracking { } /** - * A `SanitizerGuardNode` that controls which taint tracking - * configurations it is used in. + * A barrier guard that applies to all taint-tracking configurations. * * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isSanitizerGuard` - * for analysis-specific taint sanitizer guards. + * of the standard library. To define a query-specific barrier guard, instead override + * `isBarrier` and use the `DataFlow::MakeBarrierGuard` module. For example: + * ```codeql + * module MyConfig implements DataFlow::ConfigSig { + * predicate isBarrier(DataFlow::Node node) { + * node = DataFlow::MakeBarrierGuard + * } + * } + * class MyGuard extends DataFlow::Node { + * MyGuard() { ... } + * predicate blocksExpr(boolean outcome, Expr e) { ... } + * } */ + abstract class AdditionalBarrierGuard extends DataFlow::Node { + /** + * Holds if this node blocks expression `e`, provided it evaluates to `outcome`. + */ + abstract predicate blocksExpr(boolean outcome, Expr e); + } + + /** + * Internal barrier guard class that populates both the new `AdditionalBarrierGuard` class + * and the legacy `AdditionalSanitizerGuardNode` class. + * + * It exposes the member predicates of `AdditionalSanitizerGuardNode` for backwards compatibility. + */ + abstract private class LegacyAdditionalBarrierGuard extends AdditionalBarrierGuard, + AdditionalSanitizerGuardNodeDeprecated + { + deprecated override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + deprecated override predicate appliesTo(Configuration cfg) { any() } + } + + /** + * DEPRECATED. This class was part of the old data flow library which is now deprecated. + * Use `TaintTracking::AdditionalBarrierGuard` instead. 
+ */ + deprecated class AdditionalSanitizerGuardNode = AdditionalSanitizerGuardNodeDeprecated; + cached - abstract class AdditionalSanitizerGuardNode extends SanitizerGuardNode { + abstract private class AdditionalSanitizerGuardNodeDeprecated extends DataFlow::Node { + // For backwards compatibility, this contains a copy of the SanitizerGuard interface, + // but is does not inherit from it as that would cause re-evaluation of cached barriers. + /** + * Holds if this node blocks expression `e`, provided it evaluates to `outcome`. + */ + cached + deprecated predicate blocks(boolean outcome, Expr e) { none() } + + /** + * Holds if this node sanitizes expression `e`, provided it evaluates + * to `outcome`. + */ + cached + abstract deprecated predicate sanitizes(boolean outcome, Expr e); + + /** + * Holds if this node blocks expression `e` from flow of type `label`, provided it evaluates to `outcome`. + */ + cached + deprecated predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.sanitizes(outcome, e) and label.isTaint() + or + this.sanitizes(outcome, e, label) + } + + /** + * Holds if this node sanitizes expression `e`, provided it evaluates + * to `outcome`. + */ + cached + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + /** * Holds if this guard applies to the flow in `cfg`. */ cached - abstract predicate appliesTo(Configuration cfg); + abstract deprecated predicate appliesTo(Configuration cfg); } /** @@ -199,7 +274,7 @@ module TaintTracking { * implementations of `sanitizes` will _both_ apply to any configuration that includes either of * them. */ - abstract class SanitizerGuardNode extends DataFlow::BarrierGuardNode { + abstract deprecated class SanitizerGuardNode extends DataFlow::BarrierGuardNode { override predicate blocks(boolean outcome, Expr e) { none() } /** 
@@ -224,255 +299,12 @@ module TaintTracking { /** * A sanitizer guard node that only blocks specific flow labels. */ - abstract class LabeledSanitizerGuardNode extends SanitizerGuardNode, DataFlow::BarrierGuardNode { + abstract deprecated class LabeledSanitizerGuardNode extends SanitizerGuardNode, + DataFlow::BarrierGuardNode + { override predicate sanitizes(boolean outcome, Expr e) { none() } } - /** - * A taint-propagating data flow edge that should be added to all taint tracking - * configurations in addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalTaintStep` - * for analysis-specific taint steps. - * - * This class has multiple kinds of `step` predicates; these all have the same - * effect on taint-tracking configurations. However, the categorization of steps - * allows some data-flow configurations to opt in to specific kinds of taint steps. - */ - class SharedTaintStep extends Unit { - // Each step relation in this class should have a cached version in the `Cached` module - // and be included in the `sharedTaintStep` predicate. - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through URI manipulation. - * - * Does not include string operations that aren't specific to URIs, such - * as concatenation and substring operations. - */ - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge contributed by the heuristics library. 
- * - * Such steps are provided by the `semmle.javascript.heuristics` libraries - * and will default to be being empty if those libraries are not imported. - */ - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through persistent storage. - */ - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the heap. - */ - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through arrays. - * - * These steps considers an array to be tainted if it contains tainted elements. - */ - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the `state` or `props` or a React component. - */ - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string concatenation. - */ - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string manipulation (other than concatenation). - */ - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. 
- */ - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. - */ - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. - * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - } - - /** - * Module existing only to ensure all taint steps are cached as a single stage, - * and without the the `Unit` type column. - */ - cached - private module Cached { - cached - predicate forceStage() { Stages::Taint::ref() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, which doesn't fit into a more specific category. - */ - cached - predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, contribued by the heuristics library. - */ - cached - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heuristicStep(pred, succ) - } - - /** - * Public taint step relations. - */ - cached - module Public { - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a URI library function. - */ - cached - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).uriStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. 
- */ - cached - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).persistentStorageStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. - */ - cached - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heapStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through an array. - */ - cached - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).arrayStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the - * properties of a view compenent, such as the `state` or `props` of a React component. - */ - cached - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).viewComponentStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string - * concatenation. - */ - cached - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringConcatenationStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation - * (other than concatenation). - */ - cached - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringManipulationStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. - */ - cached - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).serializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. 
- */ - cached - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).deserializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. - * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - cached - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).promiseStep(pred, succ) - } - } - } - - import Cached::Public - - /** - * Holds if `pred -> succ` is an edge used by all taint-tracking configurations. - */ - predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - Cached::genericStep(pred, succ) or - Cached::heuristicStep(pred, succ) or - uriStep(pred, succ) or - persistentStorageStep(pred, succ) or - heapStep(pred, succ) or - arrayStep(pred, succ) or - viewComponentStep(pred, succ) or - stringConcatenationStep(pred, succ) or - stringManipulationStep(pred, succ) or - serializeStep(pred, succ) or - deserializeStep(pred, succ) or - promiseStep(pred, succ) - } - /** Gets a data flow node referring to the client side URL. */ private DataFlow::SourceNode clientSideUrlRef(DataFlow::TypeTracker t) { t.start() and @@ -497,11 +329,19 @@ module TaintTracking { exists(StringSplitCall c | c.getBaseString().getALocalSource() = [DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")] and - c.getSeparator() = "?" and + c.getSeparator() = ["?", "#"] and read = c.getAPropertyRead("0") ) } + private class HeapLegacyTaintStep extends LegacyTaintStep { + override predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { + // arrays with tainted elements are tainted (in old data flow) + succ.(DataFlow::ArrayCreationNode).getAnElement() = pred and + not any(PromiseAllCreation call).getArrayNode() = succ + } + } + /** * A taint propagating data flow edge through object or array elements and * promises. 
@@ -516,10 +356,6 @@ module TaintTracking { // spreading a tainted value into an array literal gives a tainted array succ.(DataFlow::ArrayCreationNode).getASpreadArgument() = pred or - // arrays with tainted elements and objects with tainted property names are tainted - succ.(DataFlow::ArrayCreationNode).getAnElement() = pred and - not any(PromiseAllCreation call).getArrayNode() = succ - or // reading from a tainted object yields a tainted result succ.(DataFlow::PropRead).getBase() = pred and not ( @@ -594,6 +430,16 @@ module TaintTracking { } } + private class LegacySplitTaintStep extends LegacyTaintStep { + override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node target) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "split" and + pred = call.getReceiver() and + target = call + ) + } + } + /** * A taint propagating data flow edge arising from string manipulation * functions defined in the standard library. @@ -610,9 +456,9 @@ module TaintTracking { [ "anchor", "big", "blink", "bold", "concat", "fixed", "fontcolor", "fontsize", "italics", "link", "padEnd", "padStart", "repeat", "replace", "replaceAll", "slice", - "small", "split", "strike", "sub", "substr", "substring", "sup", - "toLocaleLowerCase", "toLocaleUpperCase", "toLowerCase", "toUpperCase", "trim", - "trimLeft", "trimRight", "toWellFormed" + "small", "strike", "sub", "substr", "substring", "sup", "toLocaleLowerCase", + "toLocaleUpperCase", "toLowerCase", "toUpperCase", "trim", "trimLeft", "trimRight", + "toWellFormed" ] or // sorted, interesting, properties of Object.prototype 
@@ -652,26 +498,29 @@ module TaintTracking { ]).getACall() and pred = c.getArgument(0) ) - or - // In and out of .replace callbacks - exists(StringReplaceCall call | - // Into the callback if the regexp does not sanitize matches - hasWildcardReplaceRegExp(call) and - pred = call.getReceiver() and - succ = call.getReplacementCallback().getParameter(0) - or - // Out of the callback - pred = call.getReplacementCallback().getReturnNode() and - succ = call - ) ) } } - /** Holds if the given call takes a regexp containing a wildcard. */ - pragma[noinline] - private predicate hasWildcardReplaceRegExp(StringReplaceCall call) { - RegExp::isWildcardLike(call.getRegExp().getRoot().getAChild*()) + /** + * A taint propagating edge for the string `replace` function. + * + * This is a legacy step as it crosses a function boundary, and would thus be converted to a jump step. + */ + private class ReplaceCallbackSteps extends LegacyTaintStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + // In and out of .replace callbacks + exists(StringReplaceCall call | + // Into the callback if the regexp does not sanitize matches + call.hasRegExpContainingWildcard() and + pred = call.getReceiver() and + succ = call.getReplacementCallback().getParameter(0) + or + // Out of the callback + pred = call.getReplacementCallback().getReturnNode() and + succ = call + ) + } } /** @@ -969,7 +818,7 @@ module TaintTracking { * A conditional checking a tainted string against a regular expression, which is * considered to be a sanitizer for all configurations. */ - class SanitizingRegExpTest extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class SanitizingRegExpTest extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { Expr expr; boolean sanitizedOutcome; 
@@ -1002,12 +851,10 @@ module TaintTracking { private boolean getSanitizedOutcome() { result = sanitizedOutcome } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = sanitizedOutcome and e = expr } - - override predicate appliesTo(Configuration cfg) { any() } } /** @@ -1017,14 +864,14 @@ module TaintTracking { * * Note that the `includes` method is covered by `MembershipTestSanitizer`. */ - class WhitelistContainmentCallSanitizer extends AdditionalSanitizerGuardNode, + class WhitelistContainmentCallSanitizer extends LegacyAdditionalBarrierGuard, DataFlow::MethodCallNode { WhitelistContainmentCallSanitizer() { this.getMethodName() = ["contains", "has", "hasOwnProperty", "hasOwn"] } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { exists(int propertyIndex | if this.getMethodName() = "hasOwn" then propertyIndex = 1 else propertyIndex = 0 | @@ -1032,8 +879,6 @@ module TaintTracking { e = this.getArgument(propertyIndex).asExpr() ) } - - override predicate appliesTo(Configuration cfg) { any() } } /** 
@@ -1043,33 +888,40 @@ module TaintTracking { * * This sanitizer is not enabled by default. */ - class AdHocWhitelistCheckSanitizer extends SanitizerGuardNode, DataFlow::CallNode { + class AdHocWhitelistCheckSanitizer extends DataFlow::CallNode { AdHocWhitelistCheckSanitizer() { this.getCalleeName() .regexpMatch("(?i).*((?; + /** A check of the form `if(x in o)`, which sanitizes `x` in its "then" branch. */ - class InSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class InSanitizer extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { override InExpr astNode; - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = astNode.getLeftOperand() } - - override predicate appliesTo(Configuration cfg) { any() } } /** A check of the form `if(o[x] != undefined)`, which sanitizes `x` in its "then" branch. */ - class UndefinedCheckSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class UndefinedCheckSanitizer extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { Expr x; override EqualityTest astNode; 
@@ -1085,27 +937,23 @@ module TaintTracking { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = astNode.getPolarity().booleanNot() and e = x } - - override predicate appliesTo(Configuration cfg) { any() } } /** A check of the form `type x === "undefined"`, which sanitized `x` in its "then" branch. */ - class TypeOfUndefinedSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class TypeOfUndefinedSanitizer extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { Expr x; override EqualityTest astNode; TypeOfUndefinedSanitizer() { isTypeofGuard(astNode, x, "undefined") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = astNode.getPolarity() and e = x } - - override predicate appliesTo(Configuration cfg) { any() } } /** @@ -1166,7 +1014,7 @@ module TaintTracking { /** * A test of form `x.length === "0"`, preventing `x` from being tainted. */ - class IsEmptyGuard extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class IsEmptyGuard extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; boolean polarity; Expr operand; 
@@ -1180,24 +1028,20 @@ module TaintTracking { ) } - override predicate sanitizes(boolean outcome, Expr e) { polarity = outcome and e = operand } - - override predicate appliesTo(Configuration cfg) { any() } + override predicate blocksExpr(boolean outcome, Expr e) { polarity = outcome and e = operand } } /** * A check of the form `whitelist.includes(x)` or equivalent, which sanitizes `x` in its "then" branch. */ - class MembershipTestSanitizer extends AdditionalSanitizerGuardNode { + class MembershipTestSanitizer extends LegacyAdditionalBarrierGuard { MembershipCandidate candidate; MembershipTestSanitizer() { this = candidate.getTest() } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { candidate = e.flow() and candidate.getTestPolarity() = outcome } - - override predicate appliesTo(Configuration cfg) { any() } } /** @@ -1205,7 +1049,7 @@ module TaintTracking { * * The more typical case of `x.indexOf(y) >= 0` is covered by `MembershipTestSanitizer`. */ - class PositiveIndexOfSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { + class PositiveIndexOfSanitizer extends LegacyAdditionalBarrierGuard, DataFlow::ValueNode { MethodCallExpr indexOf; override RelationalComparison astNode; @@ -1218,19 +1062,17 @@ module TaintTracking { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = indexOf.getArgument(0) } - - override predicate appliesTo(Configuration cfg) { any() } } /** * An equality test on `e.origin` or `e.source` where `e` is a `postMessage` event object, * considered as a sanitizer for `e`. */ - private class PostMessageEventSanitizer extends AdditionalSanitizerGuardNode { + private class PostMessageEventSanitizer extends LegacyAdditionalBarrierGuard { VarAccess event; boolean polarity; 
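Review bot: with `override predicate appliesTo(Configuration cfg) { any() }` deleted from `PositiveIndexOfSanitizer` (and from `IsEmptyGuard` and `MembershipTestSanitizer` in the hunks just above), nothing in these classes states any longer that the guard applies to every configuration. That property now rests entirely on `LegacyAdditionalBarrierGuard`, whose definition is not part of these hunks. Please make sure that class carries a doc comment saying its subclasses apply unconditionally, and that there is a regression test showing an `indexOf`, `includes` and empty-length check still blocks taint under both the legacy and the new configuration style. Losing any of these guards would not fail compilation; it would only show up as extra alerts. The "Legacy" prefix is also worth a second look, since these built-in guards are not being deprecated here and the name suggests otherwise.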
@@ -1247,11 +1089,29 @@ module TaintTracking { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = event } + } - override predicate appliesTo(Configuration cfg) { any() } + import internal.sharedlib.TaintTracking + + /** + * Holds if there is a taint step from `node1` to `node2`. + * + * This includes steps between synthesized nodes generated by flow summaries. + */ + pragma[inline] + predicate defaultTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTrackingPrivate::defaultAdditionalTaintStep(node1, node2) + } + + /** + * Holds if `node` is seen as a barrier for taint-tracking. + */ + pragma[inline] + predicate defaultSanitizer(DataFlow::Node node) { + TaintTrackingPrivate::defaultTaintSanitizer(node) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll index 669b53418a5..3bcc36a6577 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll @@ -92,7 +92,7 @@ class AccessPath extends TAccessPath { * Gets an expression in `bb` represented by this access path. */ cached - Expr getAnInstanceIn(BasicBlock bb) { + Expr getAnInstanceIn(ReachableBasicBlock bb) { Stages::DataFlowStage::ref() and exists(SsaVariable var | this = MkSsaRoot(var) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll new file mode 100644 index 00000000000..d7f92ce8dd3 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll 
@@ -0,0 +1,34 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Gets a data-flow node synthesized using `AdditionalFlowInternal#needsSynthesizedNode`. + */ +DataFlow::Node getSynthesizedNode(AstNode node, string tag) { + result = TGenericSynthesizedNode(node, tag, _) +} + +/** + * An extension to `AdditionalFlowStep` with additional internal-only predicates. + */ +class AdditionalFlowInternal extends DataFlow::AdditionalFlowStep { + /** + * Holds if a data-flow node should be synthesized for the pair `(node, tag)`. + * + * The node can be obtained using `getSynthesizedNode(node, tag)`. + * + * `container` will be seen as the node's enclosing container. + */ + predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { none() } + + /** + * Holds if `node` should only permit flow of values stored in `contents`. + */ + predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } + + /** + * Holds if `node` should not permit flow of values stored in `contents`. + */ + predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll new file mode 100644 index 00000000000..d02728ef551 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll 
@@ -0,0 +1,474 @@ +/** + * A copy of the barrier guard logic from `Configuration.qll` in the JS data flow library. + * + * This version considers all barrier guards to be relevant. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.AccessPaths +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import semmle.javascript.dataflow.internal.sharedlib.Ssa as Ssa2 + +private signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e); +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)`. + */ +module MakeBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, Unit state) { + super.blocksExpr(outcome, e) and exists(state) + } + } + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { + result = MakeStateBarrierGuard::getABarrierNode(_) + } +} + +deprecated private module DeprecationWrapper { + signature class LabeledBarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label); + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, label)`. 
+ */ +deprecated module MakeLabeledBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { + super.blocksExpr(outcome, e, label) + } + } + + /** + * Gets a node and flow label that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = MakeStateBarrierGuard::getABarrierNode(label) + } +} + +/** + * Contains deprecated signatures. + * + * This module is a workaround for the fact that deprecated signatures can't refer to deprecated classes + * without getting a deprecation warning + */ +deprecated private module DeprecatedSigs { + signature predicate isBarrierGuardSig(DataFlow::BarrierGuardNode node); +} + +/** + * Converts a labeled barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` and `isBarrier(node, label)` + * in a `DataFlow::StateConfigSig` implementation. + */ +deprecated module MakeLegacyBarrierGuardLabeled { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode("") } + + /** + * Gets a node and flow label that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = Guards::getABarrierNode(label) + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` in a `DataFlow::ConfigSig` implementation. 
+ */ +deprecated module MakeLegacyBarrierGuard { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode(["", "data", "taint"]) } +} + +bindingset[this] +private signature class FlowStateSig; + +private module WithFlowState { + signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state); + } +} + +/** + * Projects the dominator tree onto a tree that only considers dominance between `ConditionGuardNode`s. + * + * This exists to speeds up the dominance check for barrier guards acting on an access path, avoiding the following two + * bad join orders: + * + * - Enumerate all basic blocks dominated by a barrier guard, and then find uses of the access path in those blocks. + * - Enumerate all uses of an access path and then select those that are in a dominated block. + * + * Both joins have pathological cases in different benchmarks. + * + * We use a join order that is essentially the first one above, except we only enumerate condition guards, not all the blocks. + */ +cached +private module ConditionGuardDominators { + /** Gets the condition guard that most-immediately dominates `bb`. 
*/ + private ConditionGuardNode getDominatingCondition(ReachableBasicBlock bb) { + result.getBasicBlock() = bb + or + not bb = any(ConditionGuardNode guard).getBasicBlock() and + result = getDominatingCondition(bb.getImmediateDominator()) + } + + private predicate immediateDom(ConditionGuardNode dominator, ConditionGuardNode dominated) { + dominator = getDominatingCondition(dominated.getBasicBlock().getImmediateDominator()) + or + dominator = dominated // make the fastTC below reflexive + } + + /** Gets a condition guard dominated by `node` */ + cached + ConditionGuardNode getADominatedConditionGuard(ConditionGuardNode node) = + fastTC(immediateDom/2)(node, result) + + /** Gets a use of `ap` and binds `guard` to its immediately-dominating condition guard (if any). */ + cached + Expr getAnAccessPathUseUnderCondition(AccessPath ap, ConditionGuardNode guard) { + exists(ReachableBasicBlock bb | + result = ap.getAnInstanceIn(bb) and + guard = getDominatingCondition(bb) + ) + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, state)`. + */ +module MakeStateBarrierGuard< + FlowStateSig FlowState, WithFlowState::BarrierGuardSig BaseGuard> +{ + final private class FinalNode = DataFlow::Node; + + abstract private class BarrierGuard extends FinalNode { + abstract predicate blocksExpr(boolean outcome, Expr test, FlowState state); + } + + private class ExplicitBarrierGuard extends BarrierGuard instanceof BaseGuard { + override predicate blocksExpr(boolean outcome, Expr test, FlowState state) { + BaseGuard.super.blocksExpr(outcome, test, state) + } + } + + /** + * Gets a node and flow state that is blocked by a barrier guard. 
+ */ + pragma[nomagic] + DataFlow::Node getABarrierNode(FlowState state) { barrierGuardBlocksNode(result, state) } + + // + // ================================================================================================ + // NOTE + // The rest of this file is a copy of the barrier-guard logic in Configuration.qll except: + // - FlowLabel is replaced by FlowState + // - BarrierGuardNode and AdditionalBarrierGuardNode are replaced by the BarrierGuard class defined above + // - `barrierGuardBlocksEdge` is missing as dataflow2 does not support barrier edges + // - `barrierGuardIsRelevant` does not check pruning results as we can't access that from here + // - `barrierGuardBlocksNode` has been rewritten to perform better without pruning. + // ================================================================================================ + // + /** + * Holds if data flow node `guard` acts as a barrier for data flow. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. + */ + pragma[nomagic] + private predicate barrierGuardBlocksExpr( + BarrierGuard guard, boolean outcome, Expr test, FlowState state + ) { + guard.blocksExpr(outcome, test, state) + } + + /** + * Holds if `guard` may block the flow of a value reachable through exploratory flow. + */ + pragma[nomagic] + private predicate barrierGuardIsRelevant(BarrierGuard guard) { + exists(Expr e | + barrierGuardBlocksExpr(guard, _, e, _) + // All guards are considered relevant (this is the difference from the main JS lib) + // isRelevantForward(e.flow(), _) + ) + } + + /** + * Holds if data flow node `guard` acts as a barrier for data flow due to aliasing through + * an access path. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. 
+ */ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPath( + BarrierGuard guard, boolean outcome, AccessPath ap, FlowState state + ) { + barrierGuardIsRelevant(guard) and + barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), state) + } + + /** + * Holds if there exists an input variable of `ref` that blocks the state `state`. + * + * This predicate is outlined to give the optimizer a hint about the join ordering. + */ + pragma[nomagic] + private predicate barrierGuardBlocksSsaRefinement( + BarrierGuard guard, boolean outcome, SsaRefinementNode ref, FlowState state + ) { + barrierGuardIsRelevant(guard) and + guard.getEnclosingExpr() = ref.getGuard().getTest() and + forex(SsaVariable input | input = ref.getAnInput() | + barrierGuardBlocksExpr(guard, outcome, input.getAUse(), state) + ) + } + + /** + * Holds if the result of `guard` is used in the branching condition `cond`. + * + * `outcome` is bound to the outcome of `cond` for join-ordering purposes. + */ + pragma[nomagic] + private predicate barrierGuardUsedInCondition( + BarrierGuard guard, ConditionGuardNode cond, boolean outcome + ) { + barrierGuardIsRelevant(guard) and + outcome = cond.getOutcome() and + ( + cond.getTest() = guard.getEnclosingExpr() + or + cond.getTest().flow().getImmediatePredecessor+() = guard + ) + } + + private predicate ssa2GuardChecks( + Ssa2::SsaDataflowInput::Guard guard, Ssa2::SsaDataflowInput::Expr test, boolean branch, + FlowState state + ) { + exists(BarrierGuard g | + g.asExpr() = guard and + g.blocksExpr(branch, test, state) + ) + } + + private module Ssa2Barrier = Ssa2::BarrierGuardWithState; + + private predicate ssa2BlocksNode(DataFlow::Node node, FlowState state) { + node = DataFlowPrivate::getNodeFromSsa2(Ssa2Barrier::getABarrierNode(state)) + } + + /** Holds if a barrier guard blocks uses of `ap` in basic blocks dominated by `cond`. 
*/ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPathIn( + AccessPath ap, ConditionGuardNode cond, FlowState state + ) { + exists(BarrierGuard guard, boolean outcome | + barrierGuardBlocksAccessPath(guard, outcome, ap, state) and + barrierGuardUsedInCondition(guard, cond, outcome) + ) + } + + /** + * Holds if `expr` is an access path reference that is blocked by a barrier guard. + */ + pragma[noopt] + private predicate barrierGuardBlocksAccessPathUse(Expr use, FlowState state) { + exists(AccessPath p, ConditionGuardNode cond, ConditionGuardNode useDominator | + barrierGuardBlocksAccessPathIn(p, cond, state) and + useDominator = ConditionGuardDominators::getADominatedConditionGuard(cond) and + use = ConditionGuardDominators::getAnAccessPathUseUnderCondition(p, useDominator) + ) + } + + /** + * Holds if data flow node `nd` acts as a barrier for data flow, possibly due to aliasing + * through an access path. + * + * `state` is bound to the blocked state. + */ + pragma[nomagic] + private predicate barrierGuardBlocksNode(DataFlow::Node nd, FlowState state) { + exists(BarrierGuard guard, SsaRefinementNode ref, boolean outcome | + nd = DataFlow::ssaDefinitionNode(ref) and + outcome = ref.getGuard().(ConditionGuardNode).getOutcome() and + barrierGuardBlocksSsaRefinement(guard, outcome, ref, state) + ) + or + exists(Expr use | + barrierGuardBlocksAccessPathUse(use, state) and + nd = DataFlow::valueNode(use) + ) + or + ssa2BlocksNode(nd, state) + } + + /** + * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. + */ + private Expr getALogicalAndParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) + or + result.getUnderlyingValue() = getALogicalAndParent(guard) + } + + /** + * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. 
+ */ + private Expr getALogicalOrParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) + or + result.getUnderlyingValue() = getALogicalOrParent(guard) + } + + final private class FinalFunction = Function; + + /** + * A function that returns the result of a barrier guard. + */ + private class BarrierGuardFunction extends FinalFunction { + DataFlow::ParameterNode sanitizedParameter; + BarrierGuard guard; + boolean guardOutcome; + FlowState state; + int paramIndex; + + BarrierGuardFunction() { + barrierGuardIsRelevant(guard) and + exists(Expr e | + exists(Expr returnExpr | + returnExpr = guard.asExpr() + or + // ad hoc support for conjunctions: + getALogicalAndParent(guard) = returnExpr and guardOutcome = true + or + // ad hoc support for disjunctions: + getALogicalOrParent(guard) = returnExpr and guardOutcome = false + | + exists(SsaExplicitDefinition ssa | + ssa.getDef().getSource() = returnExpr and + ssa.getVariable().getAUse() = this.getAReturnedExpr() + ) + or + returnExpr = this.getAReturnedExpr() + ) and + sanitizedParameter.flowsToExpr(e) and + barrierGuardBlocksExpr(guard, guardOutcome, e, state) + ) and + sanitizedParameter.getParameter() = this.getParameter(paramIndex) + } + + /** + * Holds if this function sanitizes argument `e` of call `call`, provided the call evaluates to `outcome`. + */ + predicate isBarrierCall(DataFlow::CallNode call, Expr e, boolean outcome, FlowState st) { + exists(DataFlow::Node arg | + DataFlow::argumentPassingStep(pragma[only_bind_into](call), pragma[only_bind_into](arg), + pragma[only_bind_into](this), pragma[only_bind_into](sanitizedParameter)) and + arg.asExpr() = e and + arg = call.getArgument(paramIndex) and + outcome = guardOutcome and + state = st + ) + } + } + + /** + * A call that sanitizes an argument. 
+ */ + private class AdditionalBarrierGuardCall extends BarrierGuard instanceof DataFlow::CallNode { + BarrierGuardFunction f; + + AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + f.isBarrierCall(this, e, outcome, state) + } + } + + /** + * A sanitizer where an inner sanitizer is compared against a boolean. + * E.g. (assuming `sanitizes(e)` is an existing sanitizer): + * ```javascript + * if (sanitizes(e) === true) { + * // e is sanitized + * } + * ``` + */ + private class CallAgainstEqualityCheck extends BarrierGuard { + BarrierGuard prev; + boolean polarity; + + CallAgainstEqualityCheck() { + prev instanceof DataFlow::CallNode and + exists(EqualityTest test, BooleanLiteral bool | + this.asExpr() = test and + test.hasOperands(prev.asExpr(), bool) and + polarity = test.getPolarity().booleanXor(bool.getBoolValue()) + ) + } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + exists(boolean prevOutcome | + barrierGuardBlocksExpr(prev, prevOutcome, e, state) and + outcome = prevOutcome.booleanXor(polarity) + ) + } + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll new file mode 100644 index 00000000000..23b2311594e --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll 
@@ -0,0 +1,513 @@ +private import javascript +private import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.VariableOrThis +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax + +module Private { + import Public + + /** + * Gets the largest array index should be propagated precisely through flow summaries. + * + * Note that all known array indices have a corresponding singleton content, but some will + * be collapsed in flow summaries that operate on array elements. + */ + int getMaxPreciseArrayIndex() { result = 9 } + + /** Gets the largest array index should be propagated precisely through flow summaries. */ + int getAPreciseArrayIndex() { result = [0 .. getMaxPreciseArrayIndex()] } + + /** + * Holds if a MaD access path token of form `name[arg]` exists. + */ + predicate isAccessPathTokenPresent(string name, string arg) { + arg = any(FlowSummaryPrivate::AccessPathToken tok).getAnArgument(name) + or + arg = any(ApiGraphModels::AccessPathToken tok).getAnArgument(name) + } + + /** + * Holds if values associated with `key` should be tracked as a individual contents of a `Map` object. + */ + private predicate isKnownMapKey(string key) { + exists(MethodCallExpr call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + call.getArgument(0).getStringValue() = key + ) + or + isAccessPathTokenPresent("MapValue", key) + } + + /** + * A known property name. 
+ */ + class PropertyName extends string { + // Note: unlike the similarly-named class in StepSummary.qll, this class must not depend on DataFlow::Node + PropertyName() { + this = any(PropAccess access).getPropertyName() + or + this = any(Property p).getName() + or + this = any(PropertyPattern p).getName() + or + this = any(GlobalVariable v).getName() + or + this = getAPreciseArrayIndex().toString() + or + isAccessPathTokenPresent("Member", this) + } + + /** Gets the array index corresponding to this property name. */ + pragma[nomagic] + int asArrayIndex() { result = this.toInt() and result >= 0 and this = result.toString() } + } + + cached + newtype TContent = + MkPropertyContent(PropertyName name) or + MkArrayElementUnknown() or // note: array elements with known index are just properties + MkMapKey() or + MkMapValueWithUnknownKey() or + MkMapValueWithKnownKey(string key) { isKnownMapKey(key) } or + MkSetElement() or + MkIteratorElement() or + MkIteratorError() or + MkPromiseValue() or + MkPromiseError() or + MkCapturedContent(LocalVariableOrThis v) { v.isCaptured() } + + cached + newtype TContentSet = + MkSingletonContent(Content content) or + MkArrayElementKnown(int index) { index = any(PropertyName name).asArrayIndex() } or + MkArrayElementLowerBound(int index) { index = [0 .. getMaxPreciseArrayIndex() + 1] } or + MkMapValueKnown(string key) { isKnownMapKey(key) } or + MkMapValueAll() or + MkPromiseFilter() or + MkIteratorFilter() or + MkAnyProperty() or + MkAnyCapturedContent() or + // The following content sets are used exclusively as an intermediate value in flow summaries. + // These are encoded as a ContentSummaryComponent, although the flow graphs we generate are different + // than an ordinary content component. These special content sets should never appear in a step. 
+ MkAwaited() or + MkAnyPropertyDeep() or + MkArrayElementDeep() or + MkOptionalStep(string name) { isAccessPathTokenPresent("OptionalStep", name) } or + MkOptionalBarrier(string name) { isAccessPathTokenPresent("OptionalBarrier", name) } + + /** + * Holds if `cs` is used to encode a special operation as a content component, but should not + * be treated as an ordinary content component. + */ + predicate isSpecialContentSet(ContentSet cs) { + cs = MkAwaited() or + cs = MkAnyPropertyDeep() or + cs = MkArrayElementDeep() or + cs instanceof MkOptionalStep or + cs instanceof MkOptionalBarrier + } +} + +module Public { + private import Private + + /** + * A storage location on an object, such as a property name. + */ + class Content extends TContent { + /** Gets a string representation of this content. */ + cached + string toString() { + // Note that these strings are visible to the end-user, in the access path of a PathNode. + result = this.asPropertyName() + or + this.isUnknownArrayElement() and + result = "ArrayElement" + or + this = MkMapKey() and + result = "MapKey" + or + this = MkMapValueWithUnknownKey() and + result = "MapValue" + or + exists(string key | + this = MkMapValueWithKnownKey(key) and + result = "MapValue[" + key + "]" + ) + or + this = MkSetElement() and + result = "SetElement" + or + this = MkIteratorElement() and + result = "IteratorElement" + or + this = MkIteratorError() and + result = "IteratorError" + or + this = MkPromiseValue() and + result = "PromiseValue" + or + this = MkPromiseError() and + result = "PromiseError" + or + result = this.asCapturedVariable().getName() + } + + /** Gets the property name represented by this content, if any. */ + string asPropertyName() { this = MkPropertyContent(result) } + + /** Gets the array index represented by this content, if any. 
*/ + pragma[nomagic] + int asArrayIndex() { result = this.asPropertyName().(PropertyName).asArrayIndex() } + + /** Gets the captured variable represented by this content, if any. */ + LocalVariableOrThis asCapturedVariable() { this = MkCapturedContent(result) } + + /** Holds if this represents values stored at an unknown array index. */ + predicate isUnknownArrayElement() { this = MkArrayElementUnknown() } + + /** Holds if this represents values stored in a `Map` at an unknown key. */ + predicate isMapValueWithUnknownKey() { this = MkMapValueWithUnknownKey() } + + /** Holds if this represents values stored in a `Map` as the given string key. */ + predicate isMapValueWithKnownKey(string key) { this = MkMapValueWithKnownKey(key) } + } + + /** + * An entity that represents the set of `Content`s being accessed at a read or store operation. + */ + class ContentSet extends TContentSet { + /** Gets a content that may be stored into when storing into this set. */ + pragma[inline] + Content getAStoreContent() { + result = this.asSingleton() + or + // For array element access with known lower bound, just store into the unknown array element + this = ContentSet::arrayElementLowerBound(_) and + result.isUnknownArrayElement() + or + exists(int n | + this = ContentSet::arrayElementKnown(n) and + result.asArrayIndex() = n + ) + or + exists(string key | + this = ContentSet::mapValueWithKnownKey(key) and + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + result.isMapValueWithUnknownKey() + } + + /** Gets a content that may be read from when reading from this set. 
*/ + pragma[nomagic] + Content getAReadContent() { + result = this.asSingleton() + or + this = ContentSet::promiseFilter() and + ( + result = MkPromiseValue() + or + result = MkPromiseError() + ) + or + this = ContentSet::iteratorFilter() and + ( + result = MkIteratorElement() + or + result = MkIteratorError() + ) + or + exists(int bound | this = ContentSet::arrayElementLowerBound(bound) | + result.isUnknownArrayElement() + or + result.asArrayIndex() >= bound + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) | + result.isUnknownArrayElement() + or + result.asArrayIndex() = n + ) + or + exists(string key | this = ContentSet::mapValueWithKnownKey(key) | + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + ( + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(_) + ) + or + this = ContentSet::anyProperty() and + ( + result instanceof MkPropertyContent + or + result instanceof MkArrayElementUnknown + ) + or + this = ContentSet::anyCapturedContent() and + result instanceof Private::MkCapturedContent + } + + /** Gets the singleton content to be accessed. */ + Content asSingleton() { this = MkSingletonContent(result) } + + /** Gets the property name to be accessed, provided that this is a singleton content set. */ + PropertyName asPropertyName() { result = this.asSingleton().asPropertyName() } + + /** + * Gets a string representation of this content set. 
+ */ + string toString() { + result = this.asSingleton().toString() + or + this = ContentSet::promiseFilter() and result = "PromiseFilter" + or + this = ContentSet::iteratorFilter() and result = "IteratorFilter" + or + exists(int bound | + this = ContentSet::arrayElementLowerBound(bound) and + result = "ArrayElement[" + bound + "..]" + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) and result = "ArrayElement[" + n + "]") + or + this = ContentSet::mapValueAll() and + result = "MapValue" + or + this = ContentSet::anyProperty() and + result = "AnyMember" + or + this = MkAwaited() and result = "Awaited (with coercion)" + or + this = MkAnyPropertyDeep() and result = "AnyMemberDeep" + or + this = MkArrayElementDeep() and result = "ArrayElementDeep" + or + this = MkAnyCapturedContent() and + result = "AnyCapturedContent" + or + exists(string name | + this = MkOptionalStep(name) and + result = "OptionalStep[" + name + "]" + ) + or + exists(string name | + this = MkOptionalBarrier(name) and + result = "OptionalBarrier[" + name + "]" + ) + } + } + + /** + * Companion module to the `ContentSet` class, providing access to various content sets. + */ + module ContentSet { + /** + * A content set containing only the given content. + */ + pragma[inline] + ContentSet singleton(Content content) { result.asSingleton() = content } + + /** + * A content set corresponding to the given property name. + */ + pragma[inline] + ContentSet property(PropertyName name) { result.asSingleton().asPropertyName() = name } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two promise-related contents, `Awaited[value]` and `Awaited[error]`. + */ + ContentSet promiseFilter() { result = MkPromiseFilter() } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two iterator-related contents, `IteratorElement` and `IteratorError`. 
+ */ + ContentSet iteratorFilter() { result = MkIteratorFilter() } + + /** + * A content set describing the result of a resolved promise. + */ + ContentSet promiseValue() { result = singleton(MkPromiseValue()) } + + /** + * A content set describing the error stored in a rejected promise. + */ + ContentSet promiseError() { result = singleton(MkPromiseError()) } + + /** + * A content set describing all array elements, regardless of their index in the array. + */ + ContentSet arrayElement() { result = MkArrayElementLowerBound(0) } + + /** + * A content set describing array elements at index `bound` or greater. + * + * For `bound=0` this gets the same content set as `ContentSet::arrayElement()`, that is, + * the content set describing all array elements. + * + * For large values of `bound` this has no result - see `ContentSet::arrayElementLowerBoundFromInt`. + */ + ContentSet arrayElementLowerBound(int bound) { result = MkArrayElementLowerBound(bound) } + + /** + * A content set describing an access to array index `n`. + * + * This content set reads from element `n` and the unknown element, and stores to index `n`. + * + * For large values of `n` this has no result - see `ContentSet::arrayElementFromInt`. + */ + ContentSet arrayElementKnown(int n) { result = MkArrayElementKnown(n) } + + /** + * The singleton content set describing array elements stored at an unknown index. + */ + ContentSet arrayElementUnknown() { result = singleton(MkArrayElementUnknown()) } + + /** + * Gets a content set describing array elements at index `bound` or greater. + * + * If `bound` is too large, it is truncated to the greatest lower bound we can represent. + */ + bindingset[bound] + ContentSet arrayElementLowerBoundFromInt(int bound) { + result = arrayElementLowerBound(bound.minimum(getMaxPreciseArrayIndex() + 1)) + } + + /** + * Gets the content set describing an access to array index `n`. + * + * If `n` is too large, it is truncated to the greatest lower bound we can represent. 
+ */ + bindingset[n] + ContentSet arrayElementFromInt(int n) { + result = arrayElementKnown(n) + or + not exists(arrayElementKnown(n)) and + result = arrayElementLowerBoundFromInt(n) + } + + /** Gets the content set describing the keys of a `Map` object. */ + ContentSet mapKey() { result = singleton(MkMapKey()) } + + /** Gets the content set describing the values of a `Map` object stored with an unknown key. */ + ContentSet mapValueWithUnknownKey() { result = singleton(MkMapValueWithUnknownKey()) } + + /** + * Gets the content set describing the value of a `Map` object stored with the given known `key`. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKeyStrict(string key) { result = MkMapValueKnown(key) } + + /** + * Gets the content set describing an access to a map value with the given `key`. + * + * This content set also reads from a value stored with an unknown key. Use `mapValueWithKnownKeyStrict` to strictly + * refer to known keys. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKey(string key) { result = singleton(MkMapValueWithKnownKey(key)) } + + /** Gets the content set describing all values in a map (with known or unknown key). */ + ContentSet mapValueAll() { result = MkMapValueAll() } + + /** + * Gets the content set describing the value in a `Map` object stored at the given `key`. + * + * If `key` is not one of the keys we track precisely, this is mapped to the unknown key instead. + */ + bindingset[key] + ContentSet mapValueFromKey(string key) { + result = mapValueWithKnownKey(key) + or + not exists(mapValueWithKnownKey(key)) and + result = mapValueWithUnknownKey() + } + + /** Gets the content set describing the elements of a `Set` object. 
*/ + ContentSet setElement() { result = singleton(MkSetElement()) } + + /** Gets the content set describing the elements of an iterator object. */ + ContentSet iteratorElement() { result = singleton(MkIteratorElement()) } + + /** Gets the content set describing the exception to be thrown when attempting to iterate over the given value. */ + ContentSet iteratorError() { result = singleton(MkIteratorError()) } + + /** + * Gets a content set that reads from all ordinary properties. + * + * This includes array elements, but not the contents of `Map`, `Set`, `Promise`, or iterator objects. + * + * This content set has no effect if used in a store step. + */ + ContentSet anyProperty() { result = MkAnyProperty() } + + /** + * Gets a content set corresponding to the pseudo-property `propertyName`. + */ + pragma[nomagic] + private ContentSet fromLegacyPseudoProperty(string propertyName) { + propertyName = Promises::valueProp() and + result = promiseValue() + or + propertyName = Promises::errorProp() and + result = promiseError() + or + propertyName = DataFlow::PseudoProperties::arrayElement() and + result = arrayElement() + or + propertyName = DataFlow::PseudoProperties::iteratorElement() and + result = iteratorElement() + or + propertyName = DataFlow::PseudoProperties::setElement() and + result = setElement() + or + propertyName = DataFlow::PseudoProperties::mapValueAll() and + result = mapValueAll() + or + propertyName = DataFlow::PseudoProperties::mapValueUnknownKey() and + result = mapValueWithUnknownKey() + or + exists(string key | + propertyName = DataFlow::PseudoProperties::mapValueKey(key) and + result = mapValueWithKnownKey(key) + ) + } + + /** + * Gets the content set corresponding to the given property name, where legacy pseudo-properties + * are mapped to their corresponding content sets (which are no longer seen as property names). 
+ */ + bindingset[propertyName] + ContentSet fromLegacyProperty(string propertyName) { + result = fromLegacyPseudoProperty(propertyName) + or + not exists(fromLegacyPseudoProperty(propertyName)) and + ( + // In case a map-value key was contributed via a SharedFlowStep, but we don't have a ContentSet for it, + // convert it to the unknown key. + if DataFlow::PseudoProperties::isMapValueKey(propertyName) + then result = mapValueWithUnknownKey() + else result = property(propertyName) + ) + } + + /** + * Gets a content set that reads from all captured variables stored on a function. + */ + ContentSet anyCapturedContent() { result = Private::MkAnyCapturedContent() } + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll new file mode 100644 index 00000000000..e5ce83d86c8 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll 
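Review bot: In Contents.qll, `ContentSet::fromLegacyPseudoProperty` has no branch that yields `mapKey()` or `iteratorError()`, although both content sets are defined in the same module. If a legacy pseudo-property name for either still reaches `fromLegacyProperty`, it fails the `isMapValueKey` test and falls through to `property(propertyName)`, so it is handled as an ordinary property name rather than as its dedicated content. Either add the missing branches or note in the doc comment that no legacy name exists for them. As a style point, the doc comments in this module alternate between "A content set ..." and "Gets a content set ..." for predicates with a result; use the "Gets ..." form throughout.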
@@ -0,0 +1,56 @@ +private import javascript +private import codeql.dataflow.internal.DataFlowImplConsistency +private import sharedlib.DataFlowArg +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.DataFlowNode + +private module ConsistencyConfig implements InputSig { + private predicate isAmbientNode(DataFlow::Node node) { + exists(AstNode n | n.isAmbient() | + node = TValueNode(n) or + node = TThisNode(n) or + node = TReflectiveParametersNode(n) or + node = TPropNode(n) or + node = TFunctionSelfReferenceNode(n) or + node = TExceptionalFunctionReturnNode(n) or + node = TExprPostUpdateNode(n) or + node = TExceptionalInvocationReturnNode(n) or + node = TDestructuredModuleImportNode(n) + ) + } + + predicate missingLocationExclude(DataFlow::Node n) { + n instanceof FlowSummaryNode + or + n instanceof FlowSummaryIntermediateAwaitStoreNode + or + n instanceof FlowSummaryDynamicParameterArrayNode + or + n instanceof FlowSummaryDefaultExceptionalReturn + or + n instanceof GenericSynthesizedNode + or + n = DataFlow::globalAccessPathRootPseudoNode() + } + + predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) } + + predicate uniqueEnclosingCallableExclude(DataFlow::Node n) { isAmbientNode(n) } + + predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) { + isAmbientNode(call.asOrdinaryCall()) or + isAmbientNode(call.asAccessorCall()) + } + + predicate argHasPostUpdateExclude(ArgumentNode node) { + // Side-effects directly on these can't propagate back to the caller, and for longer access paths it's too imprecise + node instanceof TStaticArgumentArrayNode or + node instanceof TDynamicArgumentArrayNode + } + + predicate reverseReadExclude(DataFlow::Node node) { + node instanceof FlowSummaryDynamicParameterArrayNode + } +} + +module Consistency = MakeConsistency; 
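Review bot: Only `argHasPostUpdateExclude` says why its nodes are exempt; `missingLocationExclude`, `uniqueEnclosingCallableExclude`, `uniqueCallEnclosingCallableExclude` and `reverseReadExclude` in `ConsistencyConfig` switch off a consistency check for whole node classes with no stated reason. Every exclusion hides a category of inconsistencies from the check, so add a one-line comment to each predicate explaining why ambient nodes, the flow-summary node classes and `FlowSummaryDynamicParameterArrayNode` are expected to fail it. That lets a later reader tell an intentional exemption from one that was added only to get the check to pass.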
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index d6ba48d77cb..26bff4fdf80 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
@@ -5,38 +5,157 @@ */ private import javascript +private import codeql.util.Boolean +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.dataflow.internal.sharedlib.Ssa as Ssa2 +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.VariableCapture as VariableCapture +private import semmle.javascript.dataflow.internal.VariableOrThis + +cached +private module Cached { + private Content dynamicArgumentsContent() { + result.asArrayIndex() = [0 .. 10] + or + result.isUnknownArrayElement() + } + + /** + * The raw data type underlying `DataFlow::Node`. + */ + cached + newtype TNode = + TValueNode(AST::ValueNode nd) or + /** An SSA node from the legacy SSA library */ + TSsaDefNode(SsaDefinition d) or + /** Use of a variable or 'this', with flow from a post-update node (from an earlier use) */ + TSsaUseNode(ControlFlowNode use) { use = any(Ssa2::SsaConfig::SourceVariable v).getAUse() } or + /** Phi-read node (new SSA library). Ordinary phi nodes are represented by TSsaDefNode. 
*/ + TSsaPhiReadNode(Ssa2::PhiReadNode phi) or + /** Input to a phi node (new SSA library) */ + TSsaInputNode(Ssa2::SsaInputNode input) or + TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or + TPropNode(@property p) or + TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or + TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or + TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or + TReflectiveCallNode(MethodCallExpr ce, string kind) { + ce.getMethodName() = kind and + (kind = "call" or kind = "apply") + } or + TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or + TFunctionSelfReferenceNode(Function f) or + TStaticArgumentArrayNode(InvokeExpr node) or + TDynamicArgumentArrayNode(InvokeExpr node) { node.isSpreadArgument(_) } or + TStaticParameterArrayNode(Function f) { + f.getAParameter().isRestParameter() or f.usesArgumentsObject() + } or + TDynamicParameterArrayNode(Function f) or + /** Data about to be stored in the rest parameter object. Needed for shifting array indices. */ + TRestParameterStoreNode(Function f, Content storeContent) { + f.getRestParameter().getIndex() > 0 and + storeContent = dynamicArgumentsContent() + } or + /** Data about to be stored in the dynamic argument array of an invocation. Needed for shifting array indices. 
*/ + TDynamicArgumentStoreNode(InvokeExpr invoke, Content storeContent) { + invoke.isSpreadArgument(_) and + storeContent = dynamicArgumentsContent() + } or + TApplyCallTaintNode(MethodCallExpr node) { + node.getMethodName() = "apply" and exists(node.getArgument(1)) + } or + TDestructuredModuleImportNode(ImportDeclaration decl) { + exists(decl.getASpecifier().getImportedName()) + } or + THtmlAttributeNode(HTML::Attribute attr) or + TXmlAttributeNode(XmlAttribute attr) or + TFunctionReturnNode(Function f) or + TExceptionalFunctionReturnNode(Function f) or + TExceptionalInvocationReturnNode(InvokeExpr e) or + TGlobalAccessPathRoot() or + TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or + TReflectiveParametersNode(Function f) { f.usesArgumentsObject() } or + TExprPostUpdateNode(AST::ValueNode e) { + e = any(InvokeExpr invoke).getAnArgument() or + e = any(PropAccess access).getBase() or + e = any(DestructuringPattern pattern) or + e = any(InvokeExpr invoke).getCallee() or + // We have read steps out of the await operand, so it technically needs a post-update + e = any(AwaitExpr a).getOperand() or + e = any(Function f) or // functions are passed as their own self-reference argument + // The RHS of an assignment can be an argument to a setter-call, so it needs a post-update node + e = any(Assignment asn | asn.getTarget() instanceof PropAccess).getRhs() + } or + TNewCallThisArgument(NewExpr e) or + TImplicitThisUse(ImplicitThisUse use, Boolean isPost) or + TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or + TFlowSummaryDynamicParameterArrayNode(FlowSummaryImpl::Public::SummarizedCallable callable) or + TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { + // NOTE: This dependency goes through the 'Steps' module whose instantiation depends on the call graph, + // but the specific predicate we're referering to does not use that information. 
+ // So it doesn't cause negative recursion but it might look a bit surprising. + FlowSummaryPrivate::Steps::summaryStoreStep(sn, MkAwaited(), _) + } or + TFlowSummaryDefaultExceptionalReturn(FlowSummaryImpl::Public::SummarizedCallable callable) { + not DataFlowPrivate::mentionsExceptionalReturn(callable) + } or + TSynthCaptureNode(VariableCapture::VariableCaptureOutput::SynthesizedCaptureNode node) or + TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { + any(AdditionalFlowInternal flow).needsSynthesizedNode(node, tag, container) + } or + TForbiddenRecursionGuard() { + none() and + // We want to prune irrelevant models before materialising data flow nodes, so types contributed + // directly from CodeQL must expose their pruning info without depending on data flow nodes. + (any(ModelInput::TypeModel tm).isTypeUsed("") implies any()) + } + + cached + private module Backref { + cached + predicate backref() { + DataFlowImplCommon::forceCachingInSameStage() or + exists(any(DataFlow::Node node).toString()) or + exists(any(DataFlow::Node node).getContainer()) or + any(DataFlow::Node node).hasLocationInfo(_, _, _, _, _) or + exists(any(Content c).toString()) + } + } +} + +import Cached + +private class TEarlyStageNode = + TValueNode or TSsaDefNode or TCapturedVariableNode or TPropNode or TRestPatternNode or + TElementPatternNode or TElementNode or TReflectiveCallNode or TThisNode or + TFunctionSelfReferenceNode or TDestructuredModuleImportNode or THtmlAttributeNode or + TFunctionReturnNode or TExceptionalFunctionReturnNode or TExceptionalInvocationReturnNode or + TGlobalAccessPathRoot or TTemplatePlaceholderTag or TReflectiveParametersNode or + TExprPostUpdateNode or TNewCallThisArgument or TStaticArgumentArrayNode or + TDynamicArgumentArrayNode or TStaticParameterArrayNode or TDynamicParameterArrayNode or + TImplicitThisUse; /** - * The raw data type underlying `DataFlow::Node`. 
+ * A data-flow node that is not a flow summary node. + * + * This node exists to avoid an unwanted dependency on flow summaries in some parts of the codebase + * that should not depend on them. + * + * In particular, this dependency chain must not result in negative recursion: + * - Flow summaries can only be created after pruning irrelevant flow summaries + * - To prune irrelevant flow summaries, we must know which packages are imported + * - To know which packages are imported, module systems must be evaluated + * - The AMD and NodeJS module systems rely on data flow to find calls to `require` and similar. + * These module systems must therefore use `EarlyStageNode` instead of `DataFlow::Node`. */ -cached -newtype TNode = - TValueNode(AST::ValueNode nd) or - TSsaDefNode(SsaDefinition d) or - TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or - TPropNode(@property p) or - TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or - TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or - TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or - TReflectiveCallNode(MethodCallExpr ce, string kind) { - ce.getMethodName() = kind and - (kind = "call" or kind = "apply") - } or - TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or - TDestructuredModuleImportNode(ImportDeclaration decl) { - exists(decl.getASpecifier().getImportedName()) - } or - THtmlAttributeNode(HTML::Attribute attr) or - TXmlAttributeNode(XmlAttribute attr) or - TFunctionReturnNode(Function f) or - TExceptionalFunctionReturnNode(Function f) or - TExceptionalInvocationReturnNode(InvokeExpr e) or - TGlobalAccessPathRoot() or - TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or - TReflectiveParametersNode(Function f) or - TForbiddenRecursionGuard() { - none() and - // We want to prune irrelevant models before materialising data flow nodes, so types contributed - // directly from CodeQL must 
expose their pruning info without depending on data flow nodes. - (any(ModelInput::TypeModel tm).isTypeUsed("") implies any()) - } +class EarlyStageNode extends TEarlyStageNode { + /** Gets a string representation of this data flow node. */ + string toString() { result = this.(DataFlow::Node).toString() } + + /** Gets the location of this data flow node. */ + Location getLocation() { result = this.(DataFlow::Node).getLocation() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll new file mode 100644 index 00000000000..0e95d351155 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
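Review bot: In DataFlowNode.qll, the `TEarlyStageNode` union lists `THtmlAttributeNode` but not `TXmlAttributeNode`, although both are unconditional branches of `TNode` declared next to each other and neither depends on flow summaries. If the omission is deliberate, say so in the `EarlyStageNode` doc comment; otherwise add the branch to the union. Two smaller points in the same hunk: `dynamicArgumentsContent()` hard-codes the range `[0 .. 10]` with no comment on where the bound comes from, and the comment on `TFlowSummaryIntermediateAwaitStoreNode` has a typo ("referering").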
@@ -0,0 +1,1666 @@ +private import javascript +private import semmle.javascript.dataflow.internal.CallGraphs +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.VariableCapture +private import semmle.javascript.dataflow.internal.VariableOrThis +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.dataflow.internal.sharedlib.Ssa as Ssa2 +private import semmle.javascript.internal.flow_summaries.AllFlowSummaries +private import sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.FlowSummary as FlowSummary +private import semmle.javascript.dataflow.internal.BarrierGuards + +class DataFlowSecondLevelScope = Unit; + +private class Node = DataFlow::Node; + +class PostUpdateNode = DataFlow::PostUpdateNode; + +class SsaUseNode extends DataFlow::Node, TSsaUseNode { + private ControlFlowNode expr; + + SsaUseNode() { this = TSsaUseNode(expr) } + + cached + override string toString() { result = "[ssa-use] " + expr.toString() } + + cached + override StmtContainer getContainer() { result = expr.getContainer() } + + cached + override Location getLocation() { result = expr.getLocation() } +} + +class SsaPhiReadNode extends DataFlow::Node, TSsaPhiReadNode { + private Ssa2::PhiReadNode phi; + + SsaPhiReadNode() { this = TSsaPhiReadNode(phi) } + + cached + override string toString() { result = "[ssa-phi-read] " + phi.getSourceVariable().getName() } + + cached + override StmtContainer getContainer() { result = phi.getSourceVariable().getDeclaringContainer() } + + cached + override Location 
getLocation() { result = phi.getLocation() } +} + +class SsaInputNode extends DataFlow::Node, TSsaInputNode { + private Ssa2::SsaInputNode input; + + SsaInputNode() { this = TSsaInputNode(input) } + + cached + override string toString() { + result = "[ssa-input] " + input.getDefinitionExt().getSourceVariable().getName() + } + + cached + override StmtContainer getContainer() { + result = input.getDefinitionExt().getSourceVariable().getDeclaringContainer() + } + + cached + override Location getLocation() { result = input.getLocation() } +} + +class FlowSummaryNode extends DataFlow::Node, TFlowSummaryNode { + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) } + + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + cached + override string toString() { result = this.getSummaryNode().toString() } +} + +class FlowSummaryDynamicParameterArrayNode extends DataFlow::Node, + TFlowSummaryDynamicParameterArrayNode +{ + private FlowSummaryImpl::Public::SummarizedCallable callable; + + FlowSummaryDynamicParameterArrayNode() { this = TFlowSummaryDynamicParameterArrayNode(callable) } + + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { result = callable } + + cached + override string toString() { result = "[dynamic parameter array] " + callable } +} + +class FlowSummaryIntermediateAwaitStoreNode extends DataFlow::Node, + TFlowSummaryIntermediateAwaitStoreNode +{ + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { + this = TFlowSummaryIntermediateAwaitStoreNode(result) + } + + /** Gets the summarized callable that this node belongs to. 
*/ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + override string toString() { + result = this.getSummaryNode().toString() + " [intermediate node for Awaited store]" + } +} + +predicate mentionsExceptionalReturn(FlowSummaryImpl::Public::SummarizedCallable callable) { + exists(FlowSummaryImpl::Private::SummaryNode node | node.getSummarizedCallable() = callable | + FlowSummaryImpl::Private::summaryReturnNode(node, MkExceptionalReturnKind()) + or + FlowSummaryImpl::Private::summaryOutNode(_, node, MkExceptionalReturnKind()) + ) +} + +/** + * Exceptional return node in a summarized callable whose summary does not mention `ReturnValue[exception]`. + * + * By default, every call inside such a callable will forward their exceptional return to the caller's + * exceptional return, i.e. exceptions are not caught. + */ +class FlowSummaryDefaultExceptionalReturn extends DataFlow::Node, + TFlowSummaryDefaultExceptionalReturn +{ + private FlowSummaryImpl::Public::SummarizedCallable callable; + + FlowSummaryDefaultExceptionalReturn() { this = TFlowSummaryDefaultExceptionalReturn(callable) } + + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { result = callable } + + cached + override string toString() { result = "[default exceptional return] " + callable } +} + +class CaptureNode extends DataFlow::Node, TSynthCaptureNode { + /** Gets the underlying node from the variable-capture library. 
*/ + VariableCaptureOutput::SynthesizedCaptureNode getNode() { + this = TSynthCaptureNode(result) and DataFlowImplCommon::forceCachingInSameStage() + } + + cached + override StmtContainer getContainer() { result = this.getNode().getEnclosingCallable() } + + cached + private string toStringInternal() { result = this.getNode().toString() + " [capture node]" } + + override string toString() { result = this.toStringInternal() } // cached in parent class + + cached + override Location getLocation() { result = this.getNode().getLocation() } +} + +class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { + private AstNode node; + private string tag; + private DataFlowCallable container; + + GenericSynthesizedNode() { this = TGenericSynthesizedNode(node, tag, container) } + + override StmtContainer getContainer() { result = container.asSourceCallable() } + + override string toString() { result = "[synthetic node] " + tag } + + override Location getLocation() { result = node.getLocation() } + + string getTag() { result = tag } +} + +/** + * An argument containing an array of all positional arguments with an obvious index, i.e. not affected by a spread argument. + */ +class StaticArgumentArrayNode extends DataFlow::Node, TStaticArgumentArrayNode { + private InvokeExpr invoke; + + StaticArgumentArrayNode() { this = TStaticArgumentArrayNode(invoke) } + + override StmtContainer getContainer() { result = invoke.getContainer() } + + override string toString() { result = "[static argument array]" } + + override Location getLocation() { result = invoke.getLocation() } +} + +/** + * An argument containing an array of all positional arguments with non-obvious index, i.e. affected by a spread argument. + * + * Only exists for call sites with a spread argument. 
+ */ +class DynamicArgumentArrayNode extends DataFlow::Node, TDynamicArgumentArrayNode { + private InvokeExpr invoke; + + DynamicArgumentArrayNode() { this = TDynamicArgumentArrayNode(invoke) } + + override StmtContainer getContainer() { result = invoke.getContainer() } + + override string toString() { result = "[dynamic argument array]" } + + override Location getLocation() { result = invoke.getLocation() } +} + +/** + * Intermediate node with data that will be stored in `DyanmicArgumentArrayNode`. + */ +class DynamicArgumentStoreNode extends DataFlow::Node, TDynamicArgumentStoreNode { + private InvokeExpr invoke; + private Content content; + + DynamicArgumentStoreNode() { this = TDynamicArgumentStoreNode(invoke, content) } + + override StmtContainer getContainer() { result = invoke.getContainer() } + + override string toString() { result = "[dynamic argument store node] content=" + content } + + override Location getLocation() { result = invoke.getLocation() } +} + +/** + * Intermediate node with data that will be stored in the function's rest parameter node. + */ +class RestParameterStoreNode extends DataFlow::Node, TRestParameterStoreNode { + private Function function; + private Content content; + + RestParameterStoreNode() { this = TRestParameterStoreNode(function, content) } + + override StmtContainer getContainer() { result = function } + + override string toString() { + result = + "[rest parameter store node] '..." + function.getRestParameter().getName() + "' content=" + + content + } + + override Location getLocation() { result = function.getRestParameter().getLocation() } +} + +/** + * A parameter containing an array of all positional arguments with an obvious index, i.e. not affected by spread or `.apply()`. + * + * These are read and stored in the function's rest parameter and `arguments` array. + * The node only exists for functions with a rest parameter or which uses the `arguments` array. 
+ */ +class StaticParameterArrayNode extends DataFlow::Node, TStaticParameterArrayNode { + private Function function; + + StaticParameterArrayNode() { this = TStaticParameterArrayNode(function) } + + override StmtContainer getContainer() { result = function } + + override string toString() { result = "[static parameter array]" } + + override Location getLocation() { result = function.getLocation() } +} + +/** + * A parameter containing an array of all positional argument values with non-obvious index, i.e. affected by spread or `.apply()`. + * + * These are read and assigned into regular positional parameters and stored into rest parameters and the `arguments` array. + */ +class DynamicParameterArrayNode extends DataFlow::Node, TDynamicParameterArrayNode { + private Function function; + + DynamicParameterArrayNode() { this = TDynamicParameterArrayNode(function) } + + override StmtContainer getContainer() { result = function } + + override string toString() { result = "[dynamic parameter array]" } + + override Location getLocation() { result = function.getLocation() } +} + +/** + * Node with taint input from the second argument of `.apply()` and with a store edge back into that same argument. + * + * This ensures that if `.apply()` is called with a tainted value (not inside a content) the taint is + * boxed in an `ArrayElement` content. This is necessary for the target function to propagate the taint. 
+ */ +class ApplyCallTaintNode extends DataFlow::Node, TApplyCallTaintNode { + private MethodCallExpr apply; + + ApplyCallTaintNode() { this = TApplyCallTaintNode(apply) } + + override StmtContainer getContainer() { result = apply.getContainer() } + + override string toString() { result = "[apply call taint node]" } + + override Location getLocation() { result = apply.getArgument(1).getLocation() } + + MethodCallExpr getMethodCallExpr() { result = apply } + + DataFlow::Node getArrayNode() { result = apply.getArgument(1).flow() } +} + +cached +newtype TReturnKind = + MkNormalReturnKind() or + MkExceptionalReturnKind() + +class ReturnKind extends TReturnKind { + string toString() { + this = MkNormalReturnKind() and result = "return" + or + this = MkExceptionalReturnKind() and result = "exception" + } +} + +private predicate returnNodeImpl(DataFlow::Node node, ReturnKind kind) { + node instanceof TFunctionReturnNode and kind = MkNormalReturnKind() + or + exists(Function fun | + node = TExceptionalFunctionReturnNode(fun) and + kind = MkExceptionalReturnKind() and + // For async/generators, the exception is caught and wrapped in the returned promise/iterator object. + // See the models for AsyncAwait and Generator. 
+ not fun.isAsyncOrGenerator() + ) + or + FlowSummaryImpl::Private::summaryReturnNode(node.(FlowSummaryNode).getSummaryNode(), kind) + or + node instanceof FlowSummaryDefaultExceptionalReturn and + kind = MkExceptionalReturnKind() +} + +private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { + kind = MkNormalReturnKind() and result = call.asOrdinaryCall() + or + kind = MkExceptionalReturnKind() and result = call.asOrdinaryCall().getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asBoundCall(_) + or + kind = MkExceptionalReturnKind() and result = call.asBoundCall(_).getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asAccessorCall().(DataFlow::PropRead) + or + FlowSummaryImpl::Private::summaryOutNode(call.(SummaryCall).getReceiver(), + result.(FlowSummaryNode).getSummaryNode(), kind) + or + kind = MkExceptionalReturnKind() and + result.(FlowSummaryDefaultExceptionalReturn).getSummarizedCallable() = + call.(SummaryCall).getSummarizedCallable() +} + +class ReturnNode extends DataFlow::Node { + ReturnNode() { returnNodeImpl(this, _) } + + ReturnKind getKind() { returnNodeImpl(this, result) } +} + +/** A node that receives an output from a call. 
*/ +class OutNode extends DataFlow::Node { + OutNode() { this = getAnOutNodeImpl(_, _) } +} + +OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { result = getAnOutNodeImpl(call, kind) } + +cached +predicate postUpdatePair(Node pre, Node post) { + exists(AST::ValueNode expr | + pre = TValueNode(expr) and + post = TExprPostUpdateNode(expr) + ) + or + exists(NewExpr expr | + pre = TNewCallThisArgument(expr) and + post = TValueNode(expr) + ) + or + exists(ImplicitThisUse use | + pre = TImplicitThisUse(use, false) and + post = TImplicitThisUse(use, true) + ) + or + FlowSummaryImpl::Private::summaryPostUpdateNode(post.(FlowSummaryNode).getSummaryNode(), + pre.(FlowSummaryNode).getSummaryNode()) + or + VariableCaptureOutput::capturePostUpdateNode(getClosureNode(post), getClosureNode(pre)) +} + +class CastNode extends DataFlow::Node { + CastNode() { none() } +} + +cached +newtype TDataFlowCallable = + MkSourceCallable(StmtContainer container) or + MkLibraryCallable(LibraryCallable callable) + +/** + * A callable entity. This is a wrapper around either a `StmtContainer` or a `LibraryCallable`. + */ +class DataFlowCallable extends TDataFlowCallable { + /** Gets a string representation of this callable. */ + string toString() { + result = this.asSourceCallable().toString() + or + result = this.asLibraryCallable() + } + + /** Gets the location of this callable, if it is present in the source code. */ + Location getLocation() { result = this.asSourceCallable().getLocation() } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + StmtContainer asSourceCallable() { this = MkSourceCallable(result) } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + pragma[nomagic] + StmtContainer asSourceCallableNotExterns() { + this = MkSourceCallable(result) and + not result.inExternsFile() + } + + /** Gets the corresponding `LibraryCallable` if this is a library callable. 
*/ + LibraryCallable asLibraryCallable() { this = MkLibraryCallable(result) } + + int totalorder() { + result = TotalOrdering::astNodeId(this.asSourceCallable()).bitShiftLeft(1) + or + result = TotalOrdering::libraryCallableId(this.asLibraryCallable()).bitShiftLeft(1) + 1 + } +} + +/** A callable defined in library code, identified by a unique string. */ +abstract class LibraryCallable extends string { + bindingset[this] + LibraryCallable() { any() } + + /** Gets a call to this library callable. */ + DataFlow::InvokeNode getACall() { none() } + + /** Same as `getACall()` except this does not depend on the call graph or API graph. */ + DataFlow::InvokeNode getACallSimple() { none() } +} + +/** Internal subclass of `LibraryCallable`, whose member predicates should not be visible on `SummarizedCallable`. */ +abstract class LibraryCallableInternal extends LibraryCallable { + bindingset[this] + LibraryCallableInternal() { any() } + + /** + * Gets a call to this library callable. + * + * Same as `getACall()` but is evaluated later and may depend negatively on `getACall()`. 
+ */ + DataFlow::InvokeNode getACallStage2() { none() } +} + +private predicate isParameterNodeImpl(Node p, DataFlowCallable c, ParameterPosition pos) { + exists(Parameter parameter | + parameter = c.asSourceCallable().(Function).getParameter(pos.asPositional()) and + not parameter.isRestParameter() and + p = TValueNode(parameter) + ) + or + pos.isThis() and p = TThisNode(c.asSourceCallable().(Function)) + or + pos.isFunctionSelfReference() and p = TFunctionSelfReferenceNode(c.asSourceCallable()) + or + pos.isStaticArgumentArray() and p = TStaticParameterArrayNode(c.asSourceCallable()) + or + pos.isDynamicArgumentArray() and p = TDynamicParameterArrayNode(c.asSourceCallable()) + or + exists(FlowSummaryNode summaryNode | + summaryNode = p and + FlowSummaryImpl::Private::summaryParameterNode(summaryNode.getSummaryNode(), pos) and + c.asLibraryCallable() = summaryNode.getSummarizedCallable() + ) + or + exists(FlowSummaryImpl::Public::SummarizedCallable callable | + c.asLibraryCallable() = callable and + pos.isDynamicArgumentArray() and + p = TFlowSummaryDynamicParameterArrayNode(callable) + ) +} + +predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) { + isParameterNodeImpl(p, c, pos) +} + +private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition pos) { + n = call.asOrdinaryCall().getArgument(pos.asPositional()) + or + exists(InvokeExpr invoke | + call.asOrdinaryCall() = TReflectiveCallNode(invoke, "apply") and + pos.isDynamicArgumentArray() and + n = TValueNode(invoke.getArgument(1)) + ) + or + pos.isThis() and n = call.asOrdinaryCall().(DataFlow::CallNode).getReceiver() + or + exists(DataFlow::PartialInvokeNode invoke, DataFlow::Node callback | + call = MkPartialCall(invoke, callback) and + invoke.isPartialArgument(callback, n, pos.asPositional()) + ) + or + pos.isThis() and n = call.asPartialCall().getBoundReceiver() + or + exists(int boundArgs | + n = 
call.asBoundCall(boundArgs).getArgument(pos.asPositional() - boundArgs) + ) + or + pos.isFunctionSelfReference() and n = call.asOrdinaryCall().getCalleeNode() + or + pos.isFunctionSelfReference() and n = call.asImpliedLambdaCall().flow() + or + exists(Function fun | + call.asImpliedLambdaCall() = fun and + CallGraph::impliedReceiverStep(n, TThisNode(fun)) and + sameContainerAsEnclosingContainer(n, fun) and + pos.isThis() + ) + or + pos.isThis() and n = TNewCallThisArgument(call.asOrdinaryCall().asExpr()) + or + pos.isThis() and + n = TImplicitThisUse(call.asOrdinaryCall().asExpr().(SuperCall).getCallee(), false) + or + // receiver of accessor call + pos.isThis() and n = call.asAccessorCall().getBase() + or + // argument to setter + pos.asPositional() = 0 and n = call.asAccessorCall().(DataFlow::PropWrite).getRhs() + or + FlowSummaryImpl::Private::summaryArgumentNode(call.(SummaryCall).getReceiver(), + n.(FlowSummaryNode).getSummaryNode(), pos) + or + exists(InvokeExpr invoke | call.asOrdinaryCall() = TValueNode(invoke) | + n = TStaticArgumentArrayNode(invoke) and + pos.isStaticArgumentArray() + or + n = TDynamicArgumentArrayNode(invoke) and + pos.isDynamicArgumentArray() + ) +} + +predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(n, call, pos) +} + +DataFlowCallable nodeGetEnclosingCallable(Node node) { + result.asSourceCallable() = node.getContainer() + or + result.asLibraryCallable() = node.(FlowSummaryNode).getSummarizedCallable() + or + result.asLibraryCallable() = node.(FlowSummaryDynamicParameterArrayNode).getSummarizedCallable() + or + result.asLibraryCallable() = node.(FlowSummaryIntermediateAwaitStoreNode).getSummarizedCallable() + or + result.asLibraryCallable() = node.(FlowSummaryDefaultExceptionalReturn).getSummarizedCallable() + or + node = TGenericSynthesizedNode(_, _, result) +} + +newtype TDataFlowType = + TFunctionType(Function f) or + TAnyType() + +class DataFlowType extends TDataFlowType { + 
string toDebugString() { + this instanceof TFunctionType and + result = + "TFunctionType(" + this.asFunction().toString() + ") at line " + + this.asFunction().getLocation().getStartLine() + or + this instanceof TAnyType and result = "TAnyType" + } + + string toString() { + result = "" // Must be the empty string to prevent this from showing up in path explanations + } + + Function asFunction() { this = TFunctionType(result) } +} + +/** + * Holds if `t1` is strictly stronger than `t2`. + */ +predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { + t1 instanceof TFunctionType and t2 = TAnyType() +} + +private DataFlowType getPreciseType(Node node) { + exists(Function f | + (node = TValueNode(f) or node = TFunctionSelfReferenceNode(f)) and + result = TFunctionType(f) + ) + or + result = getPreciseType(node.getImmediatePredecessor()) + or + result = getPreciseType(node.(PostUpdateNode).getPreUpdateNode()) +} + +DataFlowType getNodeType(Node node) { + result = getPreciseType(node) + or + not exists(getPreciseType(node)) and + result = TAnyType() +} + +predicate nodeIsHidden(Node node) { + // Skip phi, refinement, and capture nodes + node.(DataFlow::SsaDefinitionNode).getSsaVariable().getDefinition() instanceof + SsaImplicitDefinition + or + // Skip SSA definition of parameter as its location coincides with the parameter node + node = DataFlow::ssaDefinitionNode(Ssa::definition(any(SimpleParameter p))) + or + // Skip to the top of big left-leaning string concatenation trees. + node = any(AddExpr add).flow() and + node = any(AddExpr add).getAnOperand().flow() + or + // Skip the exceptional return on functions, as this highlights the entire function. + node = any(DataFlow::FunctionNode f).getExceptionalReturn() + or + // Skip the special return node for functions, as this highlights the entire function (and the returned expr is the previous node). 
+ node = any(DataFlow::FunctionNode f).getReturnNode() + or + // Skip the synthetic 'this' node, as a ThisExpr will be the next node anyway + node = DataFlow::thisNode(_) + or + // Skip captured variable nodes as the successor will be a use of that variable anyway. + node = DataFlow::capturedVariableNode(_) + or + node instanceof DataFlow::FunctionSelfReferenceNode + or + node instanceof FlowSummaryNode + or + node instanceof FlowSummaryDynamicParameterArrayNode + or + node instanceof FlowSummaryIntermediateAwaitStoreNode + or + node instanceof FlowSummaryDefaultExceptionalReturn + or + node instanceof CaptureNode + or + // Hide function expressions, as capture-flow causes them to appear in unhelpful ways + // In the future we could hide PathNodes with a capture content as the head of its access path. + node.asExpr() instanceof Function + or + // Also hide post-update nodes for function expressions + node.(DataFlow::ExprPostUpdateNode).getExpr() instanceof Function + or + node instanceof GenericSynthesizedNode + or + node instanceof StaticArgumentArrayNode + or + node instanceof DynamicArgumentArrayNode + or + node instanceof DynamicArgumentStoreNode + or + node instanceof StaticParameterArrayNode + or + node instanceof DynamicParameterArrayNode + or + node instanceof RestParameterStoreNode + or + node instanceof SsaUseNode + or + node instanceof SsaPhiReadNode + or + node instanceof SsaInputNode +} + +predicate neverSkipInPathGraph(Node node) { + // Include the left-hand side of assignments + node = DataFlow::lvalueNode(_) + or + // Include the return-value expression + node.asExpr() = any(Function f).getAReturnedExpr() + or + // Include calls (which may have been modelled as steps) + node.asExpr() instanceof InvokeExpr + or + // Include references to a variable + node.asExpr() instanceof VarRef +} + +string ppReprType(DataFlowType t) { none() } + +pragma[inline] +private predicate compatibleTypesNonSymRefl(DataFlowType t1, DataFlowType t2) { + t1 != TAnyType() 
and + t2 = TAnyType() +} + +pragma[inline] +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { + t1 = t2 + or + compatibleTypesNonSymRefl(t1, t2) + or + compatibleTypesNonSymRefl(t2, t1) +} + +predicate forceHighPrecision(Content c) { none() } + +newtype TContentApprox = + TApproxPropertyContent() or + TApproxMapKey() or + TApproxMapValue() or + TApproxSetElement() or + TApproxIteratorElement() or + TApproxIteratorError() or + TApproxPromiseValue() or + TApproxPromiseError() or + TApproxCapturedContent() + +class ContentApprox extends TContentApprox { + string toString() { + this = TApproxPropertyContent() and result = "TApproxPropertyContent" + or + this = TApproxMapKey() and result = "TApproxMapKey" + or + this = TApproxMapValue() and result = "TApproxMapValue" + or + this = TApproxSetElement() and result = "TApproxSetElement" + or + this = TApproxIteratorElement() and result = "TApproxIteratorElement" + or + this = TApproxIteratorError() and result = "TApproxIteratorError" + or + this = TApproxPromiseValue() and result = "TApproxPromiseValue" + or + this = TApproxPromiseError() and result = "TApproxPromiseError" + or + this = TApproxCapturedContent() and result = "TApproxCapturedContent" + } +} + +pragma[inline] +ContentApprox getContentApprox(Content c) { + c instanceof MkPropertyContent and result = TApproxPropertyContent() + or + c instanceof MkArrayElementUnknown and result = TApproxPropertyContent() + or + c instanceof MkMapKey and result = TApproxMapKey() + or + c instanceof MkMapValueWithKnownKey and result = TApproxMapValue() + or + c instanceof MkMapValueWithUnknownKey and result = TApproxMapValue() + or + c instanceof MkSetElement and result = TApproxSetElement() + or + c instanceof MkIteratorElement and result = TApproxIteratorElement() + or + c instanceof MkIteratorError and result = TApproxIteratorError() + or + c instanceof MkPromiseValue and result = TApproxPromiseValue() + or + c instanceof MkPromiseError and result = 
TApproxPromiseError() + or + c instanceof MkCapturedContent and result = TApproxCapturedContent() +} + +cached +private newtype TDataFlowCall = + MkOrdinaryCall(DataFlow::InvokeNode node) or + MkPartialCall(DataFlow::PartialInvokeNode node, DataFlow::Node callback) { + callback = node.getACallbackNode() + } or + MkBoundCall(DataFlow::InvokeNode node, int boundArgs) { + FlowSteps::callsBound(node, _, boundArgs) + } or + MkAccessorCall(DataFlow::PropRef node) { + // Some PropRefs can't result in an accessor call, such as Object.defineProperty. + // Restrict to PropRefs that can result in an accessor call. + node = TValueNode(any(PropAccess p)) or + node = TPropNode(any(PropertyPattern p)) + } or + MkImpliedLambdaCall(Function f) { + VariableCaptureConfig::captures(f, _) or CallGraph::impliedReceiverStep(_, TThisNode(f)) + } or + MkSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + ) { + FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) + } + +private module TotalOrdering { + private predicate astNodeRefl(AstNode x, AstNode y) { x = y } + + int astNodeId(AstNode n) = equivalenceRelation(astNodeRefl/2)(n, result) + + predicate dataFlowNodeId(DataFlow::Node node, int cls, int content) { + exists(AstNode n | + node = TValueNode(n) and cls = 1 and content = astNodeId(n) + or + node = TReflectiveCallNode(n, _) and cls = 2 and content = astNodeId(n) + ) + } + + predicate callId(DataFlowCall call, int cls, int child, int extra) { + exists(DataFlow::Node node | + call = MkOrdinaryCall(node) and dataFlowNodeId(node, cls - 1000, child) and extra = 0 + or + call = MkPartialCall(node, _) and dataFlowNodeId(node, cls - 2000, child) and extra = 0 + or + call = MkBoundCall(node, extra) and dataFlowNodeId(node, cls - 3000, child) + or + call = MkAccessorCall(node) and dataFlowNodeId(node, cls - 4000, child) and extra = 0 + ) + or + exists(Function f | + call = MkImpliedLambdaCall(f) and cls = 5000 and child = 
astNodeId(f) and extra = 0 + ) + or + exists( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + | + call = MkSummaryCall(c, receiver) and + cls = 6000 and + c = rank[child](FlowSummaryImpl::Public::SummarizedCallable cs) and + extra = 0 + ) + } + + int libraryCallableId(LibraryCallable callable) { callable = rank[result](LibraryCallable c) } +} + +class DataFlowCall extends TDataFlowCall { + DataFlowCallable getEnclosingCallable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + DataFlow::InvokeNode asOrdinaryCall() { this = MkOrdinaryCall(result) } + + DataFlow::PropRef asAccessorCall() { this = MkAccessorCall(result) } + + DataFlow::PartialInvokeNode asPartialCall() { this = MkPartialCall(result, _) } + + DataFlow::InvokeNode asBoundCall(int boundArgs) { this = MkBoundCall(result, boundArgs) } + + Function asImpliedLambdaCall() { this = MkImpliedLambdaCall(result) } + + predicate isSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable enclosingCallable, + FlowSummaryImpl::Private::SummaryNode receiver + ) { + this = MkSummaryCall(enclosingCallable, receiver) + } + + Location getLocation() { none() } // Overridden in subclass + + int totalorder() { + this = + rank[result](DataFlowCall call, int x, int y, int z | + TotalOrdering::callId(call, x, y, z) + | + call order by x, y, z + ) + } +} + +private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall { + private DataFlow::InvokeNode node; + + OrdinaryCall() { this = MkOrdinaryCall(node) } + + DataFlow::InvokeNode getNode() { result = node } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() } + + override Location getLocation() { result = node.getLocation() } +} + +private class PartialCall extends DataFlowCall, MkPartialCall { + private DataFlow::PartialInvokeNode node; + private 
DataFlow::Node callback; + + PartialCall() { this = MkPartialCall(node, callback) } + + DataFlow::PartialInvokeNode getNode() { result = node } + + DataFlow::Node getCallback() { result = callback } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() + " (as partial invocation)" } + + override Location getLocation() { result = node.getLocation() } +} + +private class BoundCall extends DataFlowCall, MkBoundCall { + private DataFlow::InvokeNode node; + private int boundArgs; + + BoundCall() { this = MkBoundCall(node, boundArgs) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { + result = node.toString() + " (as call with " + boundArgs + " bound arguments)" + } + + override Location getLocation() { result = node.getLocation() } +} + +private class AccessorCall extends DataFlowCall, MkAccessorCall { + private DataFlow::PropRef ref; + + AccessorCall() { this = MkAccessorCall(ref) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = ref.getContainer() + } + + override string toString() { result = ref.toString() + " (as accessor call)" } + + override Location getLocation() { result = ref.getLocation() } +} + +class SummaryCall extends DataFlowCall, MkSummaryCall { + private FlowSummaryImpl::Public::SummarizedCallable enclosingCallable; + private FlowSummaryImpl::Private::SummaryNode receiver; + + SummaryCall() { this = MkSummaryCall(enclosingCallable, receiver) } + + override DataFlowCallable getEnclosingCallable() { + result.asLibraryCallable() = enclosingCallable + } + + override string toString() { + result = "[summary] call to " + receiver + " in " + enclosingCallable + } + + /** Gets the receiver node. 
*/ + FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver } + + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { result = enclosingCallable } +} + +/** + * A call that invokes a lambda with nothing but its self-reference node. + * + * This is to help ensure captured variables can flow into the lambda in cases where + * we can't find its call sites. + */ +private class ImpliedLambdaCall extends DataFlowCall, MkImpliedLambdaCall { + private Function function; + + ImpliedLambdaCall() { this = MkImpliedLambdaCall(function) } + + override string toString() { result = "[implied lambda call] " + function } + + override Location getLocation() { result = function.getLocation() } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = function.getEnclosingContainer() + } +} + +private int getMaxArity() { + // TODO: account for flow summaries + result = + max(int n | + n = any(InvokeExpr e).getNumArgument() or + n = any(Function f).getNumParameter() or + n = 10 + ) +} + +cached +newtype TParameterPosition = + MkPositionalParameter(int n) { n = [0 .. getMaxArity()] } or + MkPositionalLowerBound(int n) { n = [0 .. 
getMaxArity()] } or + MkThisParameter() or + MkFunctionSelfReferenceParameter() or + MkStaticArgumentArray() or + MkDynamicArgumentArray() + +class ParameterPosition extends TParameterPosition { + predicate isPositionalExact() { this instanceof MkPositionalParameter } + + predicate isPositionalLowerBound() { this instanceof MkPositionalLowerBound } + + predicate isPositionalLike() { this.isPositionalExact() or this.isPositionalLowerBound() } + + int asPositional() { this = MkPositionalParameter(result) } + + int asPositionalLowerBound() { this = MkPositionalLowerBound(result) } + + predicate isThis() { this = MkThisParameter() } + + predicate isFunctionSelfReference() { this = MkFunctionSelfReferenceParameter() } + + predicate isStaticArgumentArray() { this = MkStaticArgumentArray() } + + predicate isDynamicArgumentArray() { this = MkDynamicArgumentArray() } + + string toString() { + result = this.asPositional().toString() + or + result = this.asPositionalLowerBound().toString() + ".." + or + this.isThis() and result = "this" + or + this.isFunctionSelfReference() and result = "function" + or + this.isStaticArgumentArray() and result = "static-argument-array" + or + this.isDynamicArgumentArray() and result = "dynamic-argument-array" + } +} + +class ArgumentPosition extends ParameterPosition { } + +class DataFlowExpr = Expr; + +Node exprNode(DataFlowExpr expr) { result = DataFlow::exprNode(expr) } + +pragma[nomagic] +predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { + ppos = apos + or + apos.asPositional() >= ppos.asPositionalLowerBound() + or + ppos.asPositional() >= apos.asPositionalLowerBound() + // + // Note: for now, there is no need to match lower bounds agaist lower bounds since we + // are only using these in cases where either the call or callee is generated by a flow summary. 
+} + +pragma[inline] +DataFlowCallable viableCallable(DataFlowCall node) { + // Note: we never include call edges externs here, as it negatively affects the field-flow branch limit, + // particularly when the call can also target a flow summary. + result.asSourceCallableNotExterns() = node.asOrdinaryCall().getACallee() + or + result.asSourceCallableNotExterns() = + node.(PartialCall).getCallback().getAFunctionValue().getFunction() + or + exists(DataFlow::InvokeNode invoke, int boundArgs | + invoke = node.asBoundCall(boundArgs) and + FlowSteps::callsBound(invoke, result.asSourceCallableNotExterns(), boundArgs) + ) + or + result.asSourceCallableNotExterns() = node.asAccessorCall().getAnAccessorCallee().getFunction() + or + exists(LibraryCallable callable | + result = MkLibraryCallable(callable) and + node.asOrdinaryCall() = + [ + callable.getACall(), callable.getACallSimple(), + callable.(LibraryCallableInternal).getACallStage2() + ] + ) + or + result.asSourceCallableNotExterns() = node.asImpliedLambdaCall() +} + +/** + * Holds if the set of viable implementations that can be called by `call` + * might be improved by knowing the call context. + */ +predicate mayBenefitFromCallContext(DataFlowCall call) { none() } + +/** + * Gets a viable dispatch target of `call` in the context `ctx`. This is + * restricted to those `call`s for which a context might make a difference. 
+ */ +DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() } + +bindingset[node, fun] +pragma[inline_late] +private predicate sameContainerAsEnclosingContainer(Node node, Function fun) { + node.getContainer() = fun.getEnclosingContainer() +} + +abstract private class BarrierGuardAdapter extends DataFlow::Node { + // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated + predicate blocksExpr(boolean outcome, Expr e) { none() } +} + +deprecated private class BarrierGuardAdapterSubclass extends BarrierGuardAdapter instanceof DataFlow::AdditionalBarrierGuardNode +{ + override predicate blocksExpr(boolean outcome, Expr e) { super.blocks(outcome, e) } +} + +/** + * Holds if `node` should be a barrier in all data flow configurations due to custom subclasses + * of `AdditionalBarrierGuardNode`. + * + * The standard library contains no subclasses of that class; this is for backwards compatibility only. + */ +pragma[nomagic] +private predicate legacyBarrier(DataFlow::Node node) { + node = MakeBarrierGuard::getABarrierNode() +} + +/** + * Holds if `node` should be removed from the local data flow graph, for compatibility with legacy code. + */ +pragma[nomagic] +private predicate isBlockedLegacyNode(Node node) { + // Ignore captured variable nodes for those variables that are handled by the captured-variable library. + // Note that some variables, such as top-level variables, are still modelled with these nodes (which will result in jump steps). + exists(LocalVariable variable | + node = TCapturedVariableNode(variable) and + variable = any(VariableCaptureConfig::CapturedVariable v).asLocalVariable() + ) + or + legacyBarrier(node) +} + +/** + * Holds if `thisNode` represents a value of `this` that is being tracked by the + * variable capture library. 
+ * + * In this case we need to suppress the default flow steps between `thisNode` and + * the `ThisExpr` nodes; especially those that would become jump steps. + * + * Note that local uses of `this` are sometimes tracked by the local SSA library, but we should + * not block local def-use flow, since we only switch to use-use flow after a post-update. + */ +pragma[nomagic] +private predicate isThisNodeTrackedByVariableCapture(DataFlow::ThisNode thisNode) { + exists(StmtContainer container | thisNode = TThisNode(container) | + any(VariableCaptureConfig::CapturedVariable v).asThisContainer() = container + ) +} + +/** + * Holds if there should be flow from `postUpdate` to `target` because of a variable/this value + * that is captured but not tracked precisely by the variable-capture library. + */ +pragma[nomagic] +private predicate imprecisePostUpdateStep(DataFlow::PostUpdateNode postUpdate, DataFlow::Node target) { + exists(LocalVariableOrThis var, DataFlow::Node use | + // 'var' is captured but not tracked precisely + var.isCaptured() and + not var instanceof VariableCaptureConfig::CapturedVariable and + ( + use = TValueNode(var.asLocalVariable().getAnAccess()) + or + use = TValueNode(var.getAThisExpr()) + or + use = TImplicitThisUse(var.getAThisUse(), false) + ) and + postUpdate.getPreUpdateNode() = use and + target = use.getALocalSource() + ) +} + +/** + * Holds if there is a value-preserving steps `node1` -> `node2` that might + * be cross function boundaries. 
+ */ +private predicate valuePreservingStep(Node node1, Node node2) { + node1.getASuccessor() = node2 and + not isBlockedLegacyNode(node1) and + not isBlockedLegacyNode(node2) and + not isThisNodeTrackedByVariableCapture(node1) + or + imprecisePostUpdateStep(node1, node2) + or + FlowSteps::propertyFlowStep(node1, node2) + or + FlowSteps::globalFlowStep(node1, node2) + or + node2 = FlowSteps::getThrowTarget(node1) + or + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), true, _) // TODO: preserve 'model' +} + +predicate knownSourceModel(Node sink, string model) { none() } + +predicate knownSinkModel(Node sink, string model) { none() } + +private predicate samePhi(SsaPhiNode legacyPhi, Ssa2::PhiNode newPhi) { + exists(BasicBlock bb, LocalVariableOrThis v | + newPhi.definesAt(v, bb, _) and + legacyPhi.definesAt(bb, _, v.asLocalVariable()) + ) +} + +cached +Node getNodeFromSsa2(Ssa2::Node node) { + result = TSsaUseNode(node.(Ssa2::ExprNode).getExpr()) + or + result = TExprPostUpdateNode(node.(Ssa2::ExprPostUpdateNode).getExpr()) + or + exists(ImplicitThisUse use | + node.(Ssa2::ExprPostUpdateNode).getExpr() = use and + result = TImplicitThisUse(use, true) + ) + or + result = TSsaPhiReadNode(node.(Ssa2::SsaDefinitionExtNode).getDefinitionExt()) + or + result = TSsaInputNode(node.(Ssa2::SsaInputNode)) + or + exists(SsaPhiNode legacyPhi, Ssa2::PhiNode ssaPhi | + node.(Ssa2::SsaDefinitionExtNode).getDefinitionExt() = ssaPhi and + samePhi(legacyPhi, ssaPhi) and + result = TSsaDefNode(legacyPhi) + ) +} + +private predicate useUseFlow(Node node1, Node node2) { + exists(Ssa2::DefinitionExt def, Ssa2::Node ssa1, Ssa2::Node ssa2 | + Ssa2::localFlowStep(def, ssa1, ssa2, _) and + node1 = getNodeFromSsa2(ssa1) and + node2 = getNodeFromSsa2(ssa2) and + not node1.getTopLevel().isExterns() + ) + or + exists(Expr use | + node1 = TSsaUseNode(use) and + node2 = TValueNode(use) + ) + or + 
exists(ImplicitThisUse use | + node1 = TSsaUseNode(use) and + node2 = TImplicitThisUse(use, false) + ) +} + +predicate simpleLocalFlowStep(Node node1, Node node2, string model) { + simpleLocalFlowStep(node1, node2) and model = "" +} + +predicate simpleLocalFlowStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + nodeGetEnclosingCallable(pragma[only_bind_out](node1)) = + nodeGetEnclosingCallable(pragma[only_bind_out](node2)) + or + useUseFlow(node1, node2) + or + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + ( + node2 = TFlowSummaryNode(output) and + not node2 instanceof PostUpdateNode // When doing a store-back, do not add the local flow edge + or + node2 = TFlowSummaryIntermediateAwaitStoreNode(input) + ) + or + FlowSummaryPrivate::Steps::summaryReadStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + node2 = TFlowSummaryNode(output) + or + // Add flow through optional barriers. This step is then blocked by the barrier for queries that choose to use the barrier. + FlowSummaryPrivate::Steps::summaryReadStep(input, MkOptionalBarrier(_), output) and + node1 = TFlowSummaryNode(input) and + node2 = TFlowSummaryNode(output) + ) + or + VariableCaptureOutput::localFlowStep(getClosureNode(node1), getClosureNode(node2)) + or + // NOTE: For consistency with readStep/storeStep, we do not translate these steps to jump steps automatically. 
+ DataFlow::AdditionalFlowStep::step(node1, node2) + or + exists(InvokeExpr invoke | + // When the first argument is a spread argument, flow into the argument array as a local flow step + // to ensure we preserve knowledge about array indices + node1 = TValueNode(invoke.getArgument(0).stripParens().(SpreadElement).getOperand()) and + node2 = TDynamicArgumentArrayNode(invoke) + ) + or + exists(Function f | + // When the first parameter is a rest parameter, flow into the rest parameter as a local flow step + // to ensure we preserve knowledge about array indices + node1 = TStaticParameterArrayNode(f) or node1 = TDynamicParameterArrayNode(f) + | + // rest parameter at initial position + exists(Parameter rest | + rest = f.getParameter(0) and + rest.isRestParameter() and + node2 = TValueNode(rest) + ) + or + // 'arguments' array + node2 = TReflectiveParametersNode(f) + ) + or + // Prepare to store non-spread arguments after a spread into the dynamic arguments array + exists(InvokeExpr invoke, int n, Expr argument, Content storeContent | + invoke.getArgument(n) = argument and + not argument instanceof SpreadElement and + n > firstSpreadArgumentIndex(invoke) and + node1 = TValueNode(argument) and + node2 = TDynamicArgumentStoreNode(invoke, storeContent) and + storeContent.isUnknownArrayElement() + ) +} + +predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediatePredecessor() } + +/** + * Holds if `node1 -> node2` should be removed as a jump step. + * + * Currently this is done as a workaround for the local steps generated from IIFEs. + */ +private predicate excludedJumpStep(Node node1, Node node2) { + exists(ImmediatelyInvokedFunctionExpr iife | + iife.argumentPassing(node2.asExpr(), node1.asExpr()) + or + node1 = iife.getAReturnedExpr().flow() and + node2 = iife.getInvocation().flow() + ) +} + +/** + * Holds if data can flow from `node1` to `node2` through a non-local step + * that does not follow a call edge. 
For example, a step through a global + * variable. + */ +predicate jumpStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + node1.getContainer() != node2.getContainer() and + not excludedJumpStep(node1, node2) + or + FlowSummaryPrivate::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode()) + or + DataFlow::AdditionalFlowStep::jumpStep(node1, node2) +} + +/** + * Holds if data can flow from `node1` to `node2` via a read of `c`. Thus, + * `node1` references an object with a content `c.getAReadContent()` whose + * value ends up in `node2`. + */ +predicate readStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropRead read | + node1 = read.getBase() and + node2 = read + | + exists(PropertyName name | read.getPropertyName() = name | + not exists(name.asArrayIndex()) and + c = ContentSet::property(name) + or + c = ContentSet::arrayElementKnown(name.asArrayIndex()) + ) + or + not exists(read.getPropertyName()) and + c = ContentSet::arrayElement() + ) + or + exists(ContentSet contentSet | + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), contentSet, + node2.(FlowSummaryNode).getSummaryNode()) + | + not isSpecialContentSet(contentSet) and + c = contentSet + or + contentSet = MkAwaited() and + c = ContentSet::promiseValue() + ) + or + // For deep reads, generate read edges with a self-loop + exists(Node origin, ContentSet contentSet | + FlowSummaryPrivate::Steps::summaryReadStep(origin.(FlowSummaryNode).getSummaryNode(), + contentSet, node2.(FlowSummaryNode).getSummaryNode()) and + node1 = [origin, node2] + | + contentSet = MkAnyPropertyDeep() and + c = ContentSet::anyProperty() + or + contentSet = MkArrayElementDeep() and + c = ContentSet::arrayElement() + ) + or + exists(LocalVariableOrThis variable | + VariableCaptureOutput::readStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or 
+ DataFlow::AdditionalFlowStep::readStep(node1, c, node2) + or + // Pass dynamic arguments into plain parameters + exists(Function function, Parameter param, int n | + param = function.getParameter(n) and + not param.isRestParameter() and + node1 = TDynamicParameterArrayNode(function) and + node2 = TValueNode(param) and + c = ContentSet::arrayElementFromInt(n) + ) + or + // Prepare to store dynamic and static arguments into the rest parameter array when it isn't the first parameter + exists(Function function, Content content, int restIndex | + restIndex = function.getRestParameter().getIndex() and + restIndex > 0 and + (node1 = TStaticParameterArrayNode(function) or node1 = TDynamicParameterArrayNode(function)) and + node2 = TRestParameterStoreNode(function, content) + | + // shift known array indices + c.asSingleton().asArrayIndex() = content.asArrayIndex() + restIndex + or + content.isUnknownArrayElement() and + c = ContentSet::arrayElementUnknown() + ) + or + // Prepare to store spread arguments into the dynamic arguments array, when it isn't the initial argument + exists(InvokeExpr invoke, int n, Expr argument, Content storeContent | + invoke.getArgument(n).stripParens().(SpreadElement).getOperand() = argument and + n > 0 and // n=0 is handled as a value step + node1 = TValueNode(argument) and + node2 = TDynamicArgumentStoreNode(invoke, storeContent) and + if n > firstSpreadArgumentIndex(invoke) + then + c = ContentSet::arrayElement() and // unknown start index when not the first spread operator + storeContent.isUnknownArrayElement() + else ( + storeContent.asArrayIndex() = n + c.asSingleton().asArrayIndex() + or + storeContent.isUnknownArrayElement() and c.asSingleton() = storeContent + ) + ) + or + exists(FlowSummaryNode parameter, ParameterPosition pos | + FlowSummaryImpl::Private::summaryParameterNode(parameter.getSummaryNode(), pos) and + node1 = TFlowSummaryDynamicParameterArrayNode(parameter.getSummarizedCallable()) and + node2 = parameter and + ( + 
c.asSingleton().asArrayIndex() = pos.asPositional() + or + c = ContentSet::arrayElementLowerBound(pos.asPositionalLowerBound()) + ) + ) +} + +/** Gets the post-update node for which `node` is the corresponding pre-update node. */ +private Node getPostUpdateForStore(Node base) { + exists(Expr expr | + base = TValueNode(expr) and + result = TExprPostUpdateNode(expr) + | + // When object/array literal appears as an argument to a call, we would generally need two post-update nodes: + // - one for the stores coming from the properties or array elements (which happen before the call and must flow into the call) + // - one for the argument position, to propagate the updates that happened during the call + // + // However, the first post-update is not actually needed since we are storing into a brand new object, so in the first case + // we just target the expression directly. In the second case we use the ExprPostUpdateNode. + not expr instanceof ObjectExpr and + not expr instanceof ArrayExpr + ) + or + exists(ImplicitThisUse use | + base = TImplicitThisUse(use, false) and + result = TImplicitThisUse(use, true) + ) +} + +/** Gets node to target with a store to the given `base` object.. */ +pragma[inline] +private Node getStoreTarget(DataFlow::Node base) { + result = getPostUpdateForStore(base) + or + not exists(getPostUpdateForStore(base)) and + result = base +} + +pragma[nomagic] +private int firstSpreadArgumentIndex(InvokeExpr expr) { + result = min(int i | expr.isSpreadArgument(i)) +} + +/** + * Holds if data can flow from `node1` to `node2` via a store into `c`. Thus, + * `node2` references an object with a content `c.getAStoreContent()` that + * contains the value of `node1`. 
+ */ +predicate storeStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropWrite write | + node1 = write.getRhs() and + c.asPropertyName() = write.getPropertyName() and + // Target the post-update node if one exists (for object literals we do not generate post-update nodes) + node2 = getStoreTarget(write.getBase()) + ) + or + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, + node2.(FlowSummaryNode).getSummaryNode()) and + not isSpecialContentSet(c) + or + // Store into Awaited + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryIntermediateAwaitStoreNode(input) and + node2 = TFlowSummaryNode(output) and + c = ContentSet::promiseValue() + ) + or + exists(LocalVariableOrThis variable | + VariableCaptureOutput::storeStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or + DataFlow::AdditionalFlowStep::storeStep(node1, c, node2) + or + exists(Function f, Content storeContent | + node1 = TRestParameterStoreNode(f, storeContent) and + node2 = TValueNode(f.getRestParameter()) and + c.asSingleton() = storeContent + ) + or + exists(InvokeExpr invoke, Content storeContent | + node1 = TDynamicArgumentStoreNode(invoke, storeContent) and + node2 = TDynamicArgumentArrayNode(invoke) and + c.asSingleton() = storeContent + ) + or + exists(InvokeExpr invoke, int n | + node1 = TValueNode(invoke.getArgument(n)) and + node2 = TStaticArgumentArrayNode(invoke) and + c.asSingleton().asArrayIndex() = n and + not n >= firstSpreadArgumentIndex(invoke) + ) + or + exists(ApplyCallTaintNode taintNode | + node1 = taintNode and + node2 = taintNode.getArrayNode() and + c = ContentSet::arrayElementUnknown() + ) +} + +/** + * Holds if values stored inside content `c` are cleared at node `n`. 
For example, + * any value stored inside `f` is cleared at the pre-update node associated with `x` + * in `x.f = newValue`. + */ +predicate clearsContent(Node n, ContentSet c) { + FlowSummaryPrivate::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // Clear promise content before storing into promise value, to avoid creating nested promises + n = TFlowSummaryIntermediateAwaitStoreNode(_) and + c = MkPromiseFilter() + or + // After reading from Awaited, the output must not be stored in a promise content + FlowSummaryPrivate::Steps::summaryReadStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).clearsContent(n, c) + or + // When a function `f` captures itself, all its access paths can be prefixed by an arbitrary number of `f.f.f...`. + // When multiple functions `f,g` capture each other, these prefixes can become interleaved, like `f.g.f.g...`. + // To avoid creating these trivial prefixes, we never allow two consecutive captured variables in the access path. + // We implement this rule by clearing any captured-content before storing into another captured-content. + VariableCaptureOutput::storeStep(getClosureNode(n), _, _) and + c = MkAnyCapturedContent() + or + // Block flow into the "window.location" property, as any assignment/mutation to this causes a page load and stops execution. + // The use of clearsContent here ensures we also block assignments like `window.location.href = ...` + exists(DataFlow::PropRef ref | + ref = DataFlow::globalObjectRef().getAPropertyReference("location") and + n = ref.getBase().getPostUpdateNode() and + c = ContentSet::property("location") + ) +} + +/** + * Holds if the value that is being tracked is expected to be stored inside content `c` + * at node `n`. 
+ */ +predicate expectsContent(Node n, ContentSet c) { + FlowSummaryPrivate::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // After storing into Awaited, the result must be stored in a promise-content. + // There is a value step from the input directly to this node, hence the need for expectsContent. + FlowSummaryPrivate::Steps::summaryStoreStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).expectsContent(n, c) + or + c = ContentSet::arrayElement() and + n instanceof TDynamicParameterArrayNode +} + +abstract class NodeRegion extends Unit { + NodeRegion() { none() } + + /** Holds if this region contains `n`. */ + predicate contains(Node n) { none() } + + int totalOrder() { none() } +} + +/** + * Holds if the node `n` is unreachable when the call context is `call`. + */ +predicate isUnreachableInCall(NodeRegion n, DataFlowCall call) { + none() // TODO: could be useful, but not currently implemented for JS +} + +int accessPathLimit() { result = 2 } + +/** + * Holds if flow is allowed to pass from parameter `p` and back to itself as a + * side-effect, resulting in a summary from `p` to itself. + * + * One example would be to allow flow like `p.foo = p.bar;`, which is disallowed + * by default as a heuristic. + */ +predicate allowParameterReturnInSelf(ParameterNode p) { + exists(DataFlowCallable callable, ParameterPosition pos | + isParameterNodeImpl(p, callable, pos) and + FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(callable.asLibraryCallable(), pos) + ) + or + exists(Function f | + VariableCaptureOutput::heuristicAllowInstanceParameterReturnInSelf(f) and + p = TFunctionSelfReferenceNode(f) + ) +} + +class LambdaCallKind = Unit; + +/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. 
*/ +predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) { + creation.(DataFlow::FunctionNode).getFunction() = c.asSourceCallable() and exists(kind) +} + +/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */ +predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { + call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode()) and exists(kind) + or + receiver = call.asOrdinaryCall().getCalleeNode() and + exists(kind) and + receiver.getALocalSource() instanceof DataFlow::ParameterNode +} + +/** Extra data-flow steps needed for lambda flow analysis. */ +predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } + +class ArgumentNode extends DataFlow::Node { + ArgumentNode() { isArgumentNodeImpl(this, _, _) } + + predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(this, call, pos) + } +} + +class ParameterNode extends DataFlow::Node { + ParameterNode() { isParameterNodeImpl(this, _, _) } +} + +cached +private module OptionalSteps { + cached + predicate optionalStep(Node node1, string name, Node node2) { + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + MkOptionalStep(name), node2.(FlowSummaryNode).getSummaryNode()) + } + + cached + predicate optionalBarrier(Node node, string name) { + FlowSummaryPrivate::Steps::summaryReadStep(_, MkOptionalBarrier(name), + node.(FlowSummaryNode).getSummaryNode()) + } +} + +import OptionalSteps diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index e65a38908fe..1711faa4ade 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll 
@@ -5,7 +5,7 @@ */ import javascript -import semmle.javascript.dataflow.Configuration +deprecated import semmle.javascript.dataflow.Configuration import semmle.javascript.dataflow.internal.CallGraphs private import semmle.javascript.internal.CachedStages @@ -30,20 +30,36 @@ predicate returnExpr(Function f, DataFlow::Node source, DataFlow::Node sink) { not f = any(SetterMethodDeclaration decl).getBody() } +/** + * A step from a post-update node to the local sources of the corresponding pre-update node. + * + * This ensures that `getPostUpdateNode()` can be used in place of `getALocalSource()` when generating + * store steps, and the resulting step will work in both data flow analyses. + */ +pragma[nomagic] +private predicate legacyPostUpdateStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(DataFlow::Node node | + pred = node.getPostUpdateNode() and + succ = node.getALocalSource() + ) +} + /** * Holds if data can flow in one step from `pred` to `succ`, taking * additional steps from the configuration into account. */ pragma[inline] -predicate localFlowStep( +deprecated predicate localFlowStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::Configuration configuration, FlowLabel predlbl, FlowLabel succlbl ) { pred = succ.getAPredecessor() and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ) and predlbl = succlbl + legacyPostUpdateStep(pred, succ) and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ, predlbl, succlbl) + DataFlow::LegacyFlowStep::step(pred, succ) and predlbl = succlbl + or + DataFlow::LegacyFlowStep::step(pred, succ, predlbl, succlbl) or exists(boolean vp | configuration.isAdditionalFlowStep(pred, succ, vp) | vp = true and 
@@ -529,9 +545,9 @@ class Boolean extends boolean { /** * A summary of an inter-procedural data flow path. */ -newtype TPathSummary = +deprecated newtype TPathSummary = /** A summary of an inter-procedural data flow path. */ - MkPathSummary(Boolean hasReturn, Boolean hasCall, FlowLabel start, FlowLabel end) + deprecated MkPathSummary(Boolean hasReturn, Boolean hasCall, FlowLabel start, FlowLabel end) /** * A summary of an inter-procedural data flow path. @@ -544,7 +560,7 @@ newtype TPathSummary = * We only want to build properly matched call/return sequences, so if a path has both * call steps and return steps, all return steps must precede all call steps. */ -class PathSummary extends TPathSummary { +deprecated class PathSummary extends TPathSummary { Boolean hasReturn; Boolean hasCall; FlowLabel start; @@ -618,7 +634,7 @@ class PathSummary extends TPathSummary { } } -module PathSummary { +deprecated module PathSummary { /** * Gets a summary describing a path without any calls or returns. */ diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll new file mode 100644 index 00000000000..460a2be4f1d --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -0,0 +1,254 @@ +/** + * Provides JS specific classes and predicates for defining flow summaries. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.Contents::Private +private import sharedlib.DataFlowImplCommon +private import sharedlib.FlowSummaryImpl::Private as Private +private import sharedlib.FlowSummaryImpl::Public +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax +private import semmle.javascript.internal.flow_summaries.ExceptionFlow + +/** + * A class of callables that are candidates for flow summary modeling. + */ +class SummarizedCallableBase = string; + +/** Gets the parameter position representing a callback itself, if any. */ +ArgumentPosition callbackSelfParameterPosition() { result.isFunctionSelfReference() } + +/** + * Gets the content set corresponding to `Awaited[arg]`. + */ +private ContentSet getPromiseContent(string arg) { + arg = "value" and result = ContentSet::promiseValue() + or + arg = "error" and result = ContentSet::promiseError() +} + +pragma[nomagic] +private predicate positionName(ParameterPosition pos, string operand) { + operand = pos.asPositional().toString() + or + pos.isThis() and operand = "this" + or + pos.isFunctionSelfReference() and operand = "function" + or + operand = pos.asPositionalLowerBound() + ".." +} + +/** + * Holds if `operand` desugars to the given `pos`. Only used for parsing. + */ +bindingset[operand] +private predicate desugaredPositionName(ParameterPosition pos, string operand) { + operand = "any" and + pos.asPositionalLowerBound() = 0 + or + pos.asPositional() = AccessPathSyntax::parseInt(operand) // parse closed intervals +} + +private string encodeContentAux(ContentSet cs, string arg) { + cs = ContentSet::arrayElement() and + result = "ArrayElement" and + arg = "" + or + cs = ContentSet::arrayElementUnknown() and + result = "ArrayElement" and + arg = "?" 
+ or + exists(int n | + cs = ContentSet::arrayElementLowerBound(n) and + result = "ArrayElement" and + arg = n + ".." and + n > 0 // n=0 is just 'ArrayElement' + or + cs = ContentSet::arrayElementKnown(n) and + result = "ArrayElement" and + arg = n.toString() + or + n = cs.asPropertyName().toInt() and + n >= 0 and + result = "ArrayElement" and + arg = n + "!" + ) + or + arg = "" and + ( + cs = ContentSet::mapValueAll() and result = "MapValue" + or + cs = ContentSet::mapKey() and result = "MapKey" + or + cs = ContentSet::setElement() and result = "SetElement" + or + cs = ContentSet::iteratorElement() and result = "IteratorElement" + or + cs = ContentSet::iteratorError() and result = "IteratorError" + ) + or + cs = getPromiseContent(arg) and + result = "Awaited" + or + cs = MkAwaited() and result = "Awaited" and arg = "" + or + cs = MkAnyPropertyDeep() and result = "AnyMemberDeep" and arg = "" + or + cs = MkArrayElementDeep() and result = "ArrayElementDeep" and arg = "" + or + cs = MkOptionalStep(arg) and result = "OptionalStep" + or + cs = MkOptionalBarrier(arg) and result = "OptionalBarrier" +} + +/** + * Gets the textual representation of content `cs` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeContent(ContentSet cs, string arg) { + result = encodeContentAux(cs, arg) + or + not exists(encodeContentAux(cs, _)) and + result = "Member" and + arg = cs.asSingleton().toString() +} + +/** Gets the textual representation of a parameter position in the format used for flow summaries. */ +string encodeParameterPosition(ParameterPosition pos) { + positionName(pos, result) and result != "any" +} + +/** Gets the textual representation of an argument position in the format used for flow summaries. */ +string encodeArgumentPosition(ArgumentPosition pos) { + positionName(pos, result) and result != "any" +} + +/** Gets the return kind corresponding to specification `"ReturnValue"`. 
*/ +ReturnKind getStandardReturnValueKind() { result = MkNormalReturnKind() and Stage::ref() } + +private module FlowSummaryStepInput implements Private::StepsInputSig { + DataFlowCall getACall(SummarizedCallable sc) { + exists(LibraryCallable callable | callable = sc | + result.asOrdinaryCall() = + [ + callable.getACall(), callable.getACallSimple(), + callable.(LibraryCallableInternal).getACallStage2() + ] + ) + } +} + +module Steps = Private::Steps; + +module RenderSummarizedCallable = Private::RenderSummarizedCallable; + +class AccessPath = Private::AccessPath; + +class AccessPathToken = Private::AccessPathToken; + +/** + * Gets the textual representation of return kind `rk` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeReturn(ReturnKind rk, string arg) { + result = "ReturnValue" and + ( + rk = MkNormalReturnKind() and arg = "" + or + rk = MkExceptionalReturnKind() and arg = "exception" + ) +} + +/** + * Gets the textual representation of without-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithoutContent(ContentSet c, string arg) { result = "Without" + encodeContent(c, arg) } + +/** + * Gets the textual representation of with-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeContent(c, arg) } + +/** + * Gets a parameter position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeParameterPosition` predicate. This is useful for example when a + * single token gives rise to multiple parameter positions, such as ranges + * `0..n`. 
+ */ +bindingset[token] +ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTokenBase token) { + token.getName() = "Argument" and + desugaredPositionName(result, token.getAnArgument()) +} + +/** + * Gets an argument position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeArgumentPosition` predicate. This is useful for example when a + * single token gives rise to multiple argument positions, such as ranges + * `0..n`. + */ +bindingset[token] +ArgumentPosition decodeUnknownArgumentPosition(AccessPathSyntax::AccessPathTokenBase token) { + token.getName() = "Parameter" and + desugaredPositionName(result, token.getAnArgument()) +} + +/** + * Gets a content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a return kind corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeReturn` predicate. + */ +bindingset[token] +ReturnKind decodeUnknownReturn(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a without-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithoutContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownWithoutContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a with-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithContent` predicate. 
+ */ +bindingset[token] +ContentSet decodeUnknownWithContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +cached +module Stage { + cached + predicate ref() { 1 = 1 } + + cached + predicate backref() { optionalStep(_, _, _) } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll index 18db549300a..01b109ba276 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll @@ -46,6 +46,7 @@ class PreCallGraphStep extends Unit { } } +cached module PreCallGraphStep { /** * Holds if there is a step from `pred` to `succ`. @@ -83,6 +84,7 @@ module PreCallGraphStep { /** * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. */ + cached predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { 
@@ -90,6 +92,91 @@ module PreCallGraphStep { } } +/** + * Internal extension point for adding legacy flow edges prior to call graph construction + * and type tracking, but where the steps should not be used by the new data flow library. + * + * Steps added here will be added to both `LegacyFlowStep` and `SharedTypeTrackingStep`. + * + * Contributing steps that rely on type tracking will lead to negative recursion. + */ +class LegacyPreCallGraphStep extends Unit { + /** + * Holds if there is a step from `pred` to `succ`. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + none() + } +} + +cached +module LegacyPreCallGraphStep { + /** + * Holds if there is a step from `pred` to `succ`. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyPreCallGraphStep s).step(pred, succ) + } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. 
+ */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + Stages::TypeTracking::ref() and + any(LegacyPreCallGraphStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) 
@@ -114,26 +201,60 @@ private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { } } +private class LegacyFlowStepFromPreCallGraph extends DataFlow::LegacyFlowStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + LegacyPreCallGraphStep::step(pred, succ) + } + + override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + LegacyPreCallGraphStep::storeStep(pred, succ, prop) + } + + override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStep(pred, succ, prop) + } + + override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) + } + + override predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedTypeTrackingStepFromPreCallGraph extends DataFlow::SharedTypeTrackingStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) + or + LegacyPreCallGraphStep::step(pred, succ) } override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::storeStep(pred, succ, prop) + or + LegacyPreCallGraphStep::storeStep(pred, succ, prop) } override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { PreCallGraphStep::loadStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStep(pred, succ, prop) } override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::loadStoreStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) } override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { PreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + 
or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll index 435d4d82ed5..2bcd89130a9 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll @@ -1,6 +1,8 @@ import javascript private import semmle.javascript.dataflow.TypeTracking private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.Contents as Contents +private import sharedlib.SummaryTypeTracker as SummaryTypeTracker private import FlowSteps cached @@ -29,6 +31,8 @@ private module Cached { SharedTypeTrackingStep::loadStoreStep(_, _, _, this) or this = DataFlow::PseudoProperties::arrayLikeElement() + or + this instanceof Contents::Private::PropertyName } } @@ -46,6 +50,12 @@ private module Cached { LoadStoreStep(PropertyName fromProp, PropertyName toProp) { SharedTypeTrackingStep::loadStoreStep(_, _, fromProp, toProp) or + exists(DataFlow::ContentSet loadContent, DataFlow::ContentSet storeContent | + SummaryTypeTracker::basicLoadStoreStep(_, _, loadContent, storeContent) and + fromProp = loadContent.asPropertyName() and + toProp = storeContent.asPropertyName() + ) + or summarizedLoadStoreStep(_, _, fromProp, toProp) } or WithoutPropStep(PropertySet props) { SharedTypeTrackingStep::withoutPropStep(_, _, props) } 
@@ -205,6 +215,21 @@ private module Cached { succ = getACallbackSource(parameter).getParameter(i) and summary = ReturnStep() ) + or + SummaryTypeTracker::levelStepNoCall(pred, succ) and summary = LevelStep() + or + exists(DataFlow::ContentSet content | + SummaryTypeTracker::basicLoadStep(pred, succ, content) and + summary = LoadStep(content.asPropertyName()) + or + SummaryTypeTracker::basicStoreStep(pred, succ, content) and + summary = StoreStep(content.asPropertyName()) + ) + or + exists(DataFlow::ContentSet loadContent, DataFlow::ContentSet storeContent | + SummaryTypeTracker::basicLoadStoreStep(pred, succ, loadContent, storeContent) and + summary = LoadStoreStep(loadContent.asPropertyName(), storeContent.asPropertyName()) + ) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll new file mode 100644 index 00000000000..5f290b557fe --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll 
@@ -0,0 +1,119 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.Contents::Public +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.BarrierGuards +private import semmle.javascript.dataflow.internal.sharedlib.Ssa as Ssa2 + +cached +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTracking::AdditionalTaintStep::step(node1, node2) + or + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), false, _) // TODO: preserve 'model' parameter + or + // Convert steps into and out of array elements to plain taint steps + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) + or + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) + or + // If the spread argument itself is tainted (not inside a content), store it into the dynamic argument array. + exists(InvokeExpr invoke, Content c | + node1 = TValueNode(invoke.getAnArgument().stripParens().(SpreadElement).getOperand()) and + node2 = TDynamicArgumentStoreNode(invoke, c) and + c.isUnknownArrayElement() + ) + or + // If the array in an .apply() call is tainted (not inside a content), box it in an array element (similar to the case above). 
+ exists(ApplyCallTaintNode taintNode | + node1 = taintNode.getArrayNode() and + node2 = taintNode + ) +} + +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2, string model) { + defaultAdditionalTaintStep(node1, node2) and model = "" // TODO: set model +} + +bindingset[node] +pragma[inline_late] +private BasicBlock getBasicBlockFromSsa2(Ssa2::Node node) { + result = node.(Ssa2::ExprNode).getExpr().getBasicBlock() + or + node.(Ssa2::SsaInputNode).isInputInto(_, result) +} + +/** + * Holds if `node` should act as a taint barrier, as it occurs after a variable has been checked to be falsy. + * + * For example: + * ```js + * if (!x) { + * use(x); // <-- 'x' is a varAccessBarrier + * } + * ``` + * + * This is particularly important for ensuring that query-specific barrier guards work when they + * occur after a truthiness-check: + * ```js + * if (x && !isSafe(x)) { + * throw new Error() + * } + * use(x); // both inputs to the phi-read for 'x' are blocked (one by varAccessBarrier, one by isSafe(x)) + * ``` + */ +private predicate varAccessBarrier(DataFlow::Node node) { + exists(ConditionGuardNode guard, Ssa2::ExprNode nodeFrom, Ssa2::Node nodeTo | + guard.getOutcome() = false and + guard.getTest().(VarAccess) = nodeFrom.getExpr() and + Ssa2::localFlowStep(_, nodeFrom, nodeTo, true) and + guard.dominates(getBasicBlockFromSsa2(nodeTo)) and + node = getNodeFromSsa2(nodeTo) + ) +} + +/** + * Holds if `node` should be a sanitizer in all global taint flow configurations + * but not in local taint. + */ +cached +predicate defaultTaintSanitizer(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or + varAccessBarrier(node) or + node = MakeBarrierGuard::getABarrierNode() +} + +/** + * Holds if default taint-tracking should allow implicit reads + * of `c` at sinks and inputs to additional taint steps. 
+ */ +bindingset[node] +predicate defaultImplicitTaintRead(DataFlow::Node node, ContentSet c) { + exists(node) and + c = [ContentSet::promiseValue(), ContentSet::arrayElement()] and + // Optional steps are added through isAdditionalFlowStep but we don't want the implicit reads + not optionalStep(node, _, _) +} + +private predicate isArgumentToResolvedCall(DataFlow::Node arg) { + exists(DataFlowCall c | + exists(viableCallable(c)) and + isArgumentNode(arg, c, _) + ) +} + +predicate speculativeTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(DataFlow::CallNode call | + node1 = call.getAnArgument() and + node2 = call and + // A given node can appear as argument in more than one call. For example `x` in `fn.call(x)` is + // is argument 0 of the `fn.call` call, but also the receiver of a reflective call to `fn`. + // It is thus not enough to check if `call` has a known target; we nede to ensure that none of the calls + // involving `node1` have a known target. + not isArgumentToResolvedCall(node1) + ) +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll new file mode 100644 index 00000000000..32ce88169e6 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
@@ -0,0 +1,308 @@ +private import javascript as js +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.VariableOrThis +private import codeql.dataflow.VariableCapture +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon + +module VariableCaptureConfig implements InputSig { + private js::Function getLambdaFromVariable(js::LocalVariable variable) { + result.getVariable() = variable + or + result = variable.getAnAssignedExpr().getUnderlyingValue() + or + exists(js::ClassDeclStmt cls | + result = cls.getConstructor().getBody() and + variable = cls.getVariable() + ) + } + + additional predicate isTopLevelLike(js::StmtContainer container) { + container instanceof js::TopLevel + or + container = any(js::AmdModuleDefinition mod).getFactoryFunction() + or + isTopLevelLike(container.(js::ImmediatelyInvokedFunctionExpr).getEnclosingContainer()) + or + // Containers declaring >100 captured variables tend to be singletons and are too expensive anyway + strictcount(js::LocalVariable v | v.isCaptured() and v.getDeclaringContainer() = container) > + 100 + } + + class CapturedVariable extends LocalVariableOrThis { + CapturedVariable() { + DataFlowImplCommon::forceCachingInSameStage() and + this.isCaptured() and + not isTopLevelLike(this.getDeclaringContainer()) + } + + Callable getCallable() { result = this.getDeclaringContainer().getFunctionBoundary() } + } + + additional predicate captures(js::Function fun, CapturedVariable variable) { + ( + variable.asLocalVariable().getAnAccess().getContainer().getFunctionBoundary() = fun + or + variable.getAThisUse().getUseContainer() = fun + or + exists(js::Function inner | + captures(inner, variable) and + containsReferenceTo(fun, inner) + ) + ) and + not variable.getDeclaringContainer() = fun + } + + private predicate containsReferenceTo(js::Function fun, js::Function other) { + other.getEnclosingContainer() = fun + or + 
exists(js::LocalVariable variable | + other = getLambdaFromVariable(variable) and + variable.getAnAccess().getEnclosingFunction() = fun and + fun.getEnclosingContainer() = other.getEnclosingContainer().getEnclosingContainer*() and + other != fun + ) + } + + private js::Function getACapturingFunctionInTree(js::AstNode e) { + result = e and + captures(e, _) + or + not e instanceof js::Function and + result = getACapturingFunctionInTree(e.getAChild()) + } + + /** + * Holds if `decl` declares a variable that is captured by its own initializer, that is, the initializer of `decl`. + * + * For example, the declaration of `obj` below captures itself in its initializer: + * ```js + * const obj = { + * method: () => { ...obj... } + * } + * ``` + * + * The lambda can only observe values of `obj` at one of the aliases of that lambda. Due to limited aliases analysis, + * the only alias we can see is the lambda itself. However, at this stage the `obj` variable is still unassigned, so it + * just sees its implicit initialization, thus failing to capture any real flows through `obj`. + * + * Consider that the similar example does not have this problem: + * + * ```js + * const obj = {}; + * obj.method = () => { ...obj... }; + * ``` + * + * In this case, `obj` has already been assigned at the point of the lambda creation, so we propagate the correct value + * into the lambda. + * + * Our workaround is to make the first example look like the second one, by placing the assignment of + * `obj` before the object literal. We do this whenever a variable captures itself in its initializer. 
+ */ + private predicate isCapturedByOwnInitializer(js::VariableDeclarator decl) { + exists(js::Function function | + function = getACapturingFunctionInTree(decl.getInit()) and + captures(function, + LocalVariableOrThis::variable(decl.getBindingPattern().(js::VarDecl).getVariable())) + ) + } + + class ControlFlowNode = js::ControlFlowNode; + + class BasicBlock extends js::BasicBlock { + Callable getEnclosingCallable() { result = this.getContainer().getFunctionBoundary() } + } + + class Callable extends js::StmtContainer { + predicate isConstructor() { + // JS constructors should not be seen as "constructors" in this context. + none() + } + } + + class CapturedParameter extends CapturedVariable { + CapturedParameter() { this.asLocalVariable().isParameter() or exists(this.asThisContainer()) } + } + + class Expr extends js::AST::ValueNode { + /** Holds if the `i`th node of basic block `bb` evaluates this expression. */ + predicate hasCfgNode(BasicBlock bb, int i) { + // Note: this is overridden for FunctionDeclStmt + bb.getNode(i) = this + } + } + + class VariableRead extends Expr instanceof js::ControlFlowNode { + private CapturedVariable variable; + + VariableRead() { this = variable.getAUse() } + + CapturedVariable getVariable() { result = variable } + } + + class ClosureExpr extends Expr { + ClosureExpr() { captures(this, _) } + + predicate hasBody(Callable c) { c = this } + + predicate hasAliasedAccess(Expr e) { + e = this + or + e.(js::Expr).getUnderlyingValue() = this + or + exists(js::LocalVariable variable | + this = getLambdaFromVariable(variable) and + e.(js::Expr).getUnderlyingValue() = variable.getAnAccess() + ) + } + } + + private newtype TVariableWrite = + MkExplicitVariableWrite(js::VarRef pattern) { + exists(js::DataFlow::lvalueNodeInternal(pattern)) and + any(CapturedVariable v).asLocalVariable() = pattern.getVariable() + } or + MkImplicitVariableInit(CapturedVariable v) { not v instanceof CapturedParameter } + + class VariableWrite extends 
TVariableWrite { + CapturedVariable getVariable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + js::DbLocation getLocation() { none() } // Overridden in subclass + + predicate hasCfgNode(BasicBlock bb, int i) { none() } // Overridden in subclass + + // note: langauge-specific + js::DataFlow::Node getSource() { none() } // Overridden in subclass + } + + additional class ExplicitVariableWrite extends VariableWrite, MkExplicitVariableWrite { + private js::VarRef pattern; + + ExplicitVariableWrite() { this = MkExplicitVariableWrite(pattern) } + + override CapturedVariable getVariable() { result.asLocalVariable() = pattern.getVariable() } + + override string toString() { result = pattern.toString() } + + /** Gets the location of this write. */ + override js::DbLocation getLocation() { result = pattern.getLocation() } + + override js::DataFlow::Node getSource() { + // Note: there is not always an expression corresponding to the RHS of the assignment. + // We do however have a data-flow node for this purpose (the lvalue-node). + // We use the pattern as a placeholder here, to be mapped to a data-flow node with `DataFlow::lvalueNode`. + result = js::DataFlow::lvalueNodeInternal(pattern) + } + + /** + * Gets a CFG node that should act at the place where this variable write happens, overriding its "true" CFG node. + */ + private js::ControlFlowNode getCfgNodeOverride() { + exists(js::VariableDeclarator decl | + decl.getBindingPattern() = pattern and + isCapturedByOwnInitializer(decl) and + result = decl.getInit().getFirstControlFlowNode() + ) + } + + /** Holds if the `i`th node of basic block `bb` evaluates this expression. 
*/ + override predicate hasCfgNode(BasicBlock bb, int i) { + bb.getNode(i) = this.getCfgNodeOverride() + or + not exists(this.getCfgNodeOverride()) and + bb.getNode(i) = pattern.(js::LValue).getDefNode() + } + } + + additional class ImplicitVariableInit extends VariableWrite, MkImplicitVariableInit { + private CapturedVariable variable; + + ImplicitVariableInit() { this = MkImplicitVariableInit(variable) } + + override string toString() { result = "[implicit init] " + variable } + + override js::DbLocation getLocation() { result = variable.getLocation() } + + override CapturedVariable getVariable() { result = variable } + + override predicate hasCfgNode(BasicBlock bb, int i) { + // 'i' would normally be bound to 0, but we lower it to -1 so FunctionDeclStmts can be evaluated + // at index 0. + any(js::SsaImplicitInit def).definesAt(bb, _, variable.asLocalVariable()) and i = -1 + or + bb.(js::EntryBasicBlock).getContainer() = variable.asThisContainer() and i = -1 + } + } + + BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } + + BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result = bb.getImmediateDominator() } + + predicate entryBlock(BasicBlock bb) { bb instanceof js::EntryBasicBlock } + + predicate exitBlock(BasicBlock bb) { bb.getLastNode() instanceof js::ControlFlowExitNode } +} + +module VariableCaptureOutput = Flow; + +js::DataFlow::Node getNodeFromClosureNode(VariableCaptureOutput::ClosureNode node) { + result = TValueNode(node.(VariableCaptureOutput::ExprNode).getExpr()) + or + result = + TValueNode(node.(VariableCaptureOutput::ParameterNode) + .getParameter() + .asLocalVariable() + .getADeclaration()) + or + result = TThisNode(node.(VariableCaptureOutput::ParameterNode).getParameter().asThisContainer()) + or + result = TExprPostUpdateNode(node.(VariableCaptureOutput::ExprPostUpdateNode).getExpr()) + or + // Note: the `this` parameter in the capture library is expected to be a parameter that refers to the lambda 
object itself, + // which for JS means the `TFunctionSelfReferenceNode`, not `TThisNode` as one might expect. + result = TFunctionSelfReferenceNode(node.(VariableCaptureOutput::ThisParameterNode).getCallable()) + or + result = TSynthCaptureNode(node.(VariableCaptureOutput::SynthesizedCaptureNode)) + or + result = node.(VariableCaptureOutput::VariableWriteSourceNode).getVariableWrite().getSource() +} + +VariableCaptureOutput::ClosureNode getClosureNode(js::DataFlow::Node node) { + node = getNodeFromClosureNode(result) +} + +private module Debug { + private import VariableCaptureConfig + + predicate relevantContainer(js::StmtContainer container) { + container.getEnclosingContainer*().(js::Function).getName() = "exists" + } + + predicate localFlowStep( + VariableCaptureOutput::ClosureNode node1, VariableCaptureOutput::ClosureNode node2 + ) { + VariableCaptureOutput::localFlowStep(node1, node2) + } + + predicate localFlowStepMapped(js::DataFlow::Node node1, js::DataFlow::Node node2) { + localFlowStep(getClosureNode(node1), getClosureNode(node2)) and + relevantContainer(node1.getContainer()) + } + + predicate readBB(VariableRead read, BasicBlock bb, int i) { read.hasCfgNode(bb, i) } + + predicate writeBB(VariableWrite write, BasicBlock bb, int i) { write.hasCfgNode(bb, i) } + + int captureDegree(js::Function fun) { + result = strictcount(CapturedVariable v | captures(fun, v)) + } + + int maxDegree() { result = max(captureDegree(_)) } + + int captureMax(js::Function fun) { result = captureDegree(fun) and result = maxDegree() } + + int captureMax(js::Function fun, CapturedVariable v) { + result = captureDegree(fun) and result = maxDegree() and captures(fun, v) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableOrThis.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableOrThis.qll new file mode 100644 index 00000000000..8309c0d639c --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableOrThis.qll 
@@ -0,0 +1,130 @@ +private import javascript +private import DataFlowNode + +cached +private newtype TLocalVariableOrThis = + TLocalVariable(LocalVariable var) or + TThis(StmtContainer container) { not container instanceof ArrowFunctionExpr } + +/** A local variable or `this` in a particular container. */ +class LocalVariableOrThis extends TLocalVariableOrThis { + /** Gets the local variable represented by this newtype, if any. */ + LocalVariable asLocalVariable() { this = TLocalVariable(result) } + + /** If this represents `this`, gets the enclosing container */ + StmtContainer asThisContainer() { this = TThis(result) } + + /** Gets the name of the variable or the string `"this"`. */ + string toString() { result = this.getName() } + + /** Gets the name of the variable or the string `"this"`. */ + string getName() { + result = this.asLocalVariable().getName() + or + this instanceof TThis and result = "this" + } + + /** Gets the location of a declaration of this variable, or the declaring container if this is `this`. */ + DbLocation getLocation() { + result = this.asLocalVariable().getLocation() + or + result = this.asThisContainer().getLocation() + } + + /** Holds if this is a captured variable or captured `this`. */ + predicate isCaptured() { + this.asLocalVariable().isCaptured() + or + hasCapturedThis(this.asThisContainer()) + } + + /** Gets the container declaring this variable or is the enclosing container for `this`. */ + StmtContainer getDeclaringContainer() { + result = this.asLocalVariable().getDeclaringContainer() + or + result = this.asThisContainer() + } + + /** Gets an explicit access to `this` represented by this value. */ + ThisExpr getAThisExpr() { result.getBindingContainer() = this.asThisContainer() } + + /** Gets an implicit or explicit use of the `this` represented by this value. */ + ThisUse getAThisUse() { result.getBindingContainer() = this.asThisContainer() } + + /** Gets an expression that accesses this variable or `this`. 
*/ + ControlFlowNode getAUse() { + result = this.asLocalVariable().getAnAccess() + or + result = this.getAThisUse() + } +} + +bindingset[c1, c2] +pragma[inline_late] +private predicate sameContainer(StmtContainer c1, StmtContainer c2) { c1 = c2 } + +pragma[nomagic] +private predicate hasCapturedThis(StmtContainer c) { + exists(ThisExpr expr | + expr.getBindingContainer() = c and + not sameContainer(c, expr.getContainer()) + ) +} + +module LocalVariableOrThis { + /** Gets the representation of the given local variable. */ + LocalVariableOrThis variable(LocalVariable v) { result.asLocalVariable() = v } + + /** Gets the representation of `this` in the given container. */ + LocalVariableOrThis thisInContainer(StmtContainer c) { result = TThis(c) } +} + +/** + * An explicit or implicit use of `this`. + * + * Implicit uses include `super()` calls and instance field initializers (which includes TypeScript parameter fields). + */ +abstract class ThisUse instanceof ControlFlowNode { + /** Gets the container binding the `this` being accessed */ + abstract StmtContainer getBindingContainer(); + + /** Get the container in which `this` is being accessed. */ + abstract StmtContainer getUseContainer(); + + /** Gets a string representation of this element. */ + string toString() { result = super.toString() } + + /** Gets the location of this use of `this`. 
*/ + DbLocation getLocation() { result = super.getLocation() } +} + +private predicate implicitThisUse(ControlFlowNode node, StmtContainer thisBinder) { + thisBinder = node.(SuperExpr).getBinder() + or + exists(FieldDefinition field | + not field.isStatic() and + node = field and + thisBinder = field.getDeclaringClass().getConstructor().getBody() + ) +} + +class ImplicitThisUse extends ThisUse { + ImplicitThisUse() { implicitThisUse(this, _) } + + override StmtContainer getBindingContainer() { implicitThisUse(this, result) } + + override StmtContainer getUseContainer() { + // The following differs from FieldDefinition.getContainer() which returns the container enclosing + // the class, not the class constructor. + // TODO: consider changing this in FieldDefinition.getContainer() + result = this.(FieldDefinition).getDeclaringClass().getConstructor().getBody() + or + result = this.(SuperExpr).getContainer() + } +} + +private class ExplicitThisUse extends ThisUse instanceof ThisExpr { + override StmtContainer getBindingContainer() { result = ThisExpr.super.getBindingContainer() } + + override StmtContainer getUseContainer() { result = ThisExpr.super.getContainer() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll new file mode 100644 index 00000000000..d9e711ee07a --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll @@ -0,0 +1,7 @@ +/** Provides the instantiation of the shared data flow library. */ + +private import semmle.javascript.Locations +private import codeql.dataflow.DataFlow +private import DataFlowArg +import DataFlowMake +import DataFlowImplSpecific::Public diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll new file mode 100644 index 00000000000..c911461788d 
--- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll 
@@ -0,0 +1,53 @@ +private import semmle.javascript.Locations +private import DataFlowImplSpecific +private import codeql.dataflow.DataFlow as SharedDataFlow +private import codeql.dataflow.TaintTracking as SharedTaintTracking +private import codeql.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl + +module JSDataFlow implements SharedDataFlow::InputSig { + import Private + import Public + + // Explicitly implement signature members that have a default + predicate typeStrongerThan = Private::typeStrongerThan/2; + + predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1; + + predicate accessPathLimit = Private::accessPathLimit/0; + + predicate viableImplInCallContext = Private::viableImplInCallContext/2; + + predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1; +} + +module JSTaintFlow implements SharedTaintTracking::InputSig { + import semmle.javascript.dataflow.internal.TaintTrackingPrivate +} + +module JSFlowSummary implements FlowSummaryImpl::InputSig { + private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate + import FlowSummaryPrivate + + // Explicitly implement signature members that have a default + predicate callbackSelfParameterPosition = FlowSummaryPrivate::callbackSelfParameterPosition/0; + + predicate encodeContent = FlowSummaryPrivate::encodeContent/2; + + predicate encodeReturn = FlowSummaryPrivate::encodeReturn/2; + + predicate encodeWithoutContent = FlowSummaryPrivate::encodeWithoutContent/2; + + predicate encodeWithContent = FlowSummaryPrivate::encodeWithContent/2; + + predicate decodeUnknownParameterPosition = FlowSummaryPrivate::decodeUnknownParameterPosition/1; + + predicate decodeUnknownArgumentPosition = FlowSummaryPrivate::decodeUnknownArgumentPosition/1; + + predicate decodeUnknownContent = FlowSummaryPrivate::decodeUnknownContent/1; + + predicate decodeUnknownReturn = FlowSummaryPrivate::decodeUnknownReturn/1; + + predicate decodeUnknownWithoutContent = 
FlowSummaryPrivate::decodeUnknownWithoutContent/1; + + predicate decodeUnknownWithContent = FlowSummaryPrivate::decodeUnknownWithContent/1; +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll new file mode 100644 index 00000000000..3ddcb693f54 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import codeql.dataflow.internal.DataFlowImpl +private import DataFlowArg +import MakeImpl diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll new file mode 100644 index 00000000000..62188d47b80 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import DataFlowArg +private import codeql.dataflow.internal.DataFlowImplCommon +import MakeImplCommon diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll new file mode 100644 index 00000000000..a8b541c1b31 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll @@ -0,0 +1,12 @@ +private import javascript + +// This file provides the input to FlowSummaryImpl.qll, which is shared via identical-files.json. +module Private { + import semmle.javascript.dataflow.internal.DataFlowPrivate +} + +module Public { + import semmle.javascript.dataflow.internal.Contents::Public + + class Node = DataFlow::Node; +} 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll new file mode 100644 index 00000000000..bf370eb9a27 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import codeql.dataflow.internal.FlowSummaryImpl +private import DataFlowArg +import Make diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll new file mode 100644 index 00000000000..04607a5bd5b --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll 
@@ -0,0 +1,109 @@ +/** + * Instantiates the shared SSA library for JavaScript, but only to establish use-use flow. + * + * JavaScript's old SSA library is still responsible for the ordinary SSA flow. + */ + +private import javascript as js +private import codeql.ssa.Ssa +private import semmle.javascript.internal.BasicBlockInternal as BasicBlockInternal +private import semmle.javascript.dataflow.internal.VariableOrThis + +module SsaConfig implements InputSig { + class ControlFlowNode = js::ControlFlowNode; + + class BasicBlock = js::BasicBlock; + + class ExitBasicBlock extends BasicBlock { + ExitBasicBlock() { this.isExitBlock() } + } + + class SourceVariable extends LocalVariableOrThis { + SourceVariable() { not this.isCaptured() } + } + + pragma[nomagic] + private js::EntryBasicBlock getEntryBlock(js::StmtContainer container) { + result.getContainer() = container + } + + predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { + certain = true and + ( + bb.defAt(i, v.asLocalVariable(), _) + or + // Implicit initialization and function parameters + bb = getEntryBlock(v.getDeclaringContainer()) and + i = -1 + ) + } + + predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { + bb.useAt(i, v.asLocalVariable(), _) and certain = true + or + certain = true and + bb.getNode(i).(ThisUse).getBindingContainer() = v.asThisContainer() + } + + predicate getImmediateBasicBlockDominator = BasicBlockInternal::immediateDominator/1; + + pragma[inline] + BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } +} + +import Make + +module SsaDataflowInput implements DataFlowIntegrationInputSig { + class Expr extends js::ControlFlowNode { + Expr() { this = any(SsaConfig::SourceVariable v).getAUse() } + + predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) } + } + + predicate ssaDefAssigns(WriteDefinition def, Expr value) { + // This library only handles use-use flow after a post-update, there 
are no definitions, only uses. + none() + } + + class Parameter = js::Parameter; + + predicate ssaDefInitializesParam(WriteDefinition def, Parameter p) { + // This library only handles use-use flow after a post-update, there are no definitions, only uses. + none() + } + + cached + Expr getARead(Definition def) { + // Copied from implementation so we can cache it here + exists(SsaConfig::SourceVariable v, js::BasicBlock bb, int i | + ssaDefReachesRead(v, def, bb, i) and + SsaConfig::variableRead(bb, i, v, true) and + result.hasCfgNode(bb, i) + ) + } + + class Guard extends js::ControlFlowNode { + Guard() { this = any(js::ConditionGuardNode g).getTest() } + + predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) } + } + + pragma[inline] + predicate guardControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) { + exists(js::ConditionGuardNode g | + g.getTest() = guard and + g.dominates(bb) and + branch = g.getOutcome() + ) + } + + js::BasicBlock getAConditionalBasicBlockSuccessor(js::BasicBlock bb, boolean branch) { + exists(js::ConditionGuardNode g | + bb = g.getTest().getBasicBlock() and + result = g.getBasicBlock() and + branch = g.getOutcome() + ) + } +} + +import DataFlowIntegration diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/SummaryTypeTracker.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/SummaryTypeTracker.qll new file mode 100644 index 00000000000..c9acd77db1a --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/SummaryTypeTracker.qll 
@@ -0,0 +1,83 @@ +private import semmle.javascript.Locations +private import codeql.typetracking.internal.SummaryTypeTracker +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import semmle.javascript.dataflow.FlowSummary as FlowSummary +private import FlowSummaryImpl as FlowSummaryImpl +private import DataFlowArg + +private module SummaryFlowConfig implements Input { + import JSDataFlow + import FlowSummaryImpl::Public + import FlowSummaryImpl::Private + import FlowSummaryImpl::Private::SummaryComponent + + class Content = DataFlow::ContentSet; + + class ContentFilter extends Unit { + ContentFilter() { none() } + } + + ContentFilter getFilterFromWithoutContentStep(Content content) { none() } + + ContentFilter getFilterFromWithContentStep(Content content) { none() } + + predicate singleton = SummaryComponentStack::singleton/1; + + predicate push = SummaryComponentStack::push/2; + + SummaryComponent return() { + result = SummaryComponent::return(DataFlowPrivate::MkNormalReturnKind()) + } + + Node argumentOf(Node call, SummaryComponent arg, boolean isPostUpdate) { + // Note: we cannot rely on DataFlowPrivate::DataFlowCall here because that depends on the call graph. 
+ exists(ArgumentPosition apos, ParameterPosition ppos, Node argNode | + arg = argument(ppos) and + parameterMatch(ppos, apos) and + ( + argNode = call.(DataFlow::InvokeNode).getArgument(apos.asPositional()) + or + apos.isThis() and + argNode = call.(DataFlow::CallNode).getReceiver() + ) + | + isPostUpdate = true and result = argNode.getPostUpdateNode() + or + isPostUpdate = false and result = argNode + ) + } + + Node parameterOf(Node callable, SummaryComponent param) { + exists(ArgumentPosition apos, ParameterPosition ppos, DataFlow::FunctionNode function | + param = parameter(apos) and + parameterMatch(ppos, apos) and + callable = function + | + result = function.getParameter(ppos.asPositional()) + or + ppos.isThis() and + result = function.getReceiver() + ) + } + + Node returnOf(Node callable, SummaryComponent return) { + return = return() and + result = callable.(DataFlow::FunctionNode).getReturnNode() + } + + class SummarizedCallable instanceof SummarizedCallableImpl { + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + super.propagatesFlow(input, output, preservesValue, _) + } + + string toString() { result = super.toString() } + } + + Node callTo(SummarizedCallable callable) { + result = callable.(FlowSummary::SummarizedCallable).getACallSimple() + } +} + +import SummaryFlow diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll new file mode 100644 index 00000000000..e2215a8afc3 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll @@ -0,0 +1,6 @@ +/** Provides the instantiation of the shared taint tracking library. */ + +private import semmle.javascript.Locations +private import codeql.dataflow.TaintTracking +private import DataFlowArg +import TaintFlowMake 
diff --git a/javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll b/javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll index bef34dc8ecd..18b7c27a2db 100644 --- a/javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/explore/BackwardDataFlow.qll @@ -12,10 +12,11 @@ * Backward exploration in particular does not scale on non-trivial code bases and hence is of limited * usefulness as it stands. */ +deprecated module; import javascript -private class BackwardExploringConfiguration extends DataFlow::Configuration { +deprecated private class BackwardExploringConfiguration extends DataFlow::Configuration { BackwardExploringConfiguration() { this = any(DataFlow::Configuration cfg) } override predicate isSource(DataFlow::Node node) { any() } diff --git a/javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll b/javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll index 4d6368c63b8..9d435d067b2 100644 --- a/javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/explore/ForwardDataFlow.qll @@ -10,10 +10,11 @@ * * NOTE: This library should only be used for debugging and exploration, not in production code. */ +deprecated module; import javascript -private class ForwardExploringConfiguration extends DataFlow::Configuration { +deprecated private class ForwardExploringConfiguration extends DataFlow::Configuration { ForwardExploringConfiguration() { this = any(DataFlow::Configuration cfg) } override predicate isSink(DataFlow::Node node) { any() } diff --git a/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll b/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll index 5dd44226351..8d392bc0448 100644 --- a/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll +++ b/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll 
@@ -61,6 +61,8 @@ predicate isTestFile(File f) { ) or f.getAbsolutePath().regexpMatch(".*/__(mocks|tests)__/.*") + or + f.getBaseName().matches("%.test.%") } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll b/javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll index 26f5570bc14..4dc60d44765 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll @@ -142,7 +142,7 @@ module AsyncPackage { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::FunctionNode iteratee, IterationCall call | iteratee = call.getIteratorCallback() and // Require a closure to avoid spurious call/return mismatch. - pred = call.getCollection() and + pred = call.getCollection() and // TODO: needs a flow summary to ensure ArrayElement content is unfolded succ = iteratee.getParameter(0) ) } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll index fa8fd4da565..04f3c9f7db7 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll @@ -52,6 +52,7 @@ module Markdown { private class MarkdownTableStep extends MarkdownStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::CallNode call | call = DataFlow::moduleImport("markdown-table").getACall() | + // TODO: needs a flow summary to ensure ArrayElement content is unfolded succ = call and pred = call.getArgument(0) ) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll index 1b616a199bc..1b1df4ceef3 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll 
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -56,13 +56,15 @@ predicate parseTypeString(string rawType, string package, string qualifiedName) * Holds if models describing `package` may be relevant for the analysis of this database. */ predicate isPackageUsed(string package) { - exists(DataFlow::moduleImport(package)) - or - exists(JS::PackageJson json | json.getPackageName() = package) - or package = "global" or - any(DataFlow::SourceNode sn).hasUnderlyingType(package, _) + package = any(JS::Import imp).getImportedPath().getValue() + or + any(JS::TypeName t).hasQualifiedName(package, _) + or + any(JS::TypeAnnotation t).hasQualifiedName(package, _) + or + exists(JS::PackageJson json | json.getPackageName() = package) } bindingset[type] diff --git a/javascript/ql/lib/semmle/javascript/internal/BasicBlockInternal.qll b/javascript/ql/lib/semmle/javascript/internal/BasicBlockInternal.qll new file mode 100644 index 00000000000..c7ad2a1ada8 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/BasicBlockInternal.qll 
@@ -0,0 +1,365 @@ +/** + * Provides classes for working with basic blocks, and predicates for computing + * liveness information for local variables. + */ + +import javascript +private import semmle.javascript.internal.StmtContainers +private import semmle.javascript.internal.CachedStages + +/** + * Holds if `nd` starts a new basic block. + */ +private predicate startsBB(ControlFlowNode nd) { + not exists(nd.getAPredecessor()) and exists(nd.getASuccessor()) + or + nd.isJoin() + or + nd.getAPredecessor().isBranch() +} + +/** + * Holds if the first node of basic block `succ` is a control flow + * successor of the last node of basic block `bb`. + */ +private predicate succBB(BasicBlock bb, BasicBlock succ) { succ = bb.getLastNode().getASuccessor() } + +/** + * Holds if the first node of basic block `bb` is a control flow + * successor of the last node of basic block `pre`. + */ +private predicate predBB(BasicBlock bb, BasicBlock pre) { succBB(pre, bb) } + +/** Holds if `bb` is an entry basic block. */ +private predicate entryBB(BasicBlock bb) { bb.getFirstNode() instanceof ControlFlowEntryNode } + +/** Holds if `bb` is an exit basic block. */ +private predicate exitBB(BasicBlock bb) { bb.getLastNode() instanceof ControlFlowExitNode } + +cached +private module Cached { + /** + * Holds if `succ` is a control flow successor of `nd` within the same basic block. + */ + private predicate intraBBSucc(ControlFlowNode nd, ControlFlowNode succ) { + succ = nd.getASuccessor() and + not succ instanceof BasicBlock + } + + /** + * Holds if `nd` is the `i`th node in basic block `bb`. + * + * In other words, `i` is the shortest distance from a node `bb` + * that starts a basic block to `nd` along the `intraBBSucc` relation. 
+ */ + cached + predicate bbIndex(BasicBlock bb, ControlFlowNode nd, int i) = + shortestDistances(startsBB/1, intraBBSucc/2)(bb, nd, i) + + cached + int bbLength(BasicBlock bb) { result = strictcount(ControlFlowNode nd | bbIndex(bb, nd, _)) } + + cached + predicate useAt(BasicBlock bb, int i, Variable v, VarUse u) { + Stages::BasicBlocks::ref() and + v = u.getVariable() and + bbIndex(bb, u, i) + } + + cached + predicate defAt(BasicBlock bb, int i, Variable v, VarDef d) { + exists(VarRef lhs | + lhs = d.getTarget().(BindingPattern).getABindingVarRef() and + v = lhs.getVariable() + | + lhs = d.getTarget() and + bbIndex(bb, d, i) + or + exists(PropertyPattern pp | + lhs = pp.getValuePattern() and + bbIndex(bb, pp, i) + ) + or + exists(ObjectPattern op | + lhs = op.getRest() and + bbIndex(bb, lhs, i) + ) + or + exists(ArrayPattern ap | + lhs = ap.getAnElement() and + bbIndex(bb, lhs, i) + ) + ) + } + + cached + predicate reachableBB(BasicBlock bb) { + entryBB(bb) + or + exists(BasicBlock predBB | succBB(predBB, bb) | reachableBB(predBB)) + } +} + +private import Cached + +/** Gets the immediate dominator of `bb`. */ +cached +BasicBlock immediateDominator(BasicBlock bb) = idominance(entryBB/1, succBB/2)(_, result, bb) + +/** Gets the immediate post-dominator of `bb`. */ +cached +BasicBlock immediatePostDominator(BasicBlock bb) = idominance(exitBB/1, predBB/2)(_, result, bb) + +import Public + +module Public { + /** + * A basic block, that is, a maximal straight-line sequence of control flow nodes + * without branches or joins. + * + * At the database level, a basic block is represented by its first control flow node. + */ + class BasicBlock extends @cfg_node, NodeInStmtContainer { + cached + BasicBlock() { Stages::BasicBlocks::ref() and startsBB(this) } + + /** Gets a basic block succeeding this one. */ + BasicBlock getASuccessor() { succBB(this, result) } + + /** Gets a basic block preceding this one. 
*/ + BasicBlock getAPredecessor() { result.getASuccessor() = this } + + /** Gets a node in this block. */ + ControlFlowNode getANode() { result = this.getNode(_) } + + /** Gets the node at the given position in this block. */ + ControlFlowNode getNode(int pos) { bbIndex(this, result, pos) } + + /** Gets the first node in this block. */ + ControlFlowNode getFirstNode() { result = this } + + /** Gets the last node in this block. */ + ControlFlowNode getLastNode() { result = this.getNode(this.length() - 1) } + + /** Gets the length of this block. */ + int length() { result = bbLength(this) } + + /** Holds if this basic block uses variable `v` in its `i`th node `u`. */ + predicate useAt(int i, Variable v, VarUse u) { useAt(this, i, v, u) } + + /** Holds if this basic block defines variable `v` in its `i`th node `d`. */ + predicate defAt(int i, Variable v, VarDef d) { defAt(this, i, v, d) } + + /** + * Holds if `v` is live at entry to this basic block and `u` is a use of `v` + * witnessing the liveness. + * + * In other words, `u` is a use of `v` that is reachable from the + * entry node of this basic block without going through a redefinition + * of `v`. The use `u` may either be in this basic block, or in another + * basic block reachable from this one. + */ + predicate isLiveAtEntry(Variable v, VarUse u) { + // restrict `u` to be reachable from this basic block + u = this.getASuccessor*().getANode() and + ( + // shortcut: if `v` is never defined, then it must be live + this.isDefinedInSameContainer(v) + implies + // otherwise, do full liveness computation + this.isLiveAtEntryImpl(v, u) + ) + } + + /** + * Holds if `v` is live at entry to this basic block and `u` is a use of `v` + * witnessing the liveness, where `v` is defined at least once in the enclosing + * function or script. 
+ */ + private predicate isLiveAtEntryImpl(Variable v, VarUse u) { + this.isLocallyLiveAtEntry(v, u) + or + this.isDefinedInSameContainer(v) and + not this.defAt(_, v, _) and + this.getASuccessor().isLiveAtEntryImpl(v, u) + } + + /** + * Holds if `v` is defined at least once in the function or script to which + * this basic block belongs. + */ + private predicate isDefinedInSameContainer(Variable v) { + exists(VarDef def | def.getAVariable() = v and def.getContainer() = this.getContainer()) + } + + /** + * Holds if `v` is a variable that is live at entry to this basic block. + * + * Note that this is equivalent to `bb.isLiveAtEntry(v, _)`, but may + * be more efficient on large databases. + */ + predicate isLiveAtEntry(Variable v) { + this.isLocallyLiveAtEntry(v, _) + or + not this.defAt(_, v, _) and this.getASuccessor().isLiveAtEntry(v) + } + + /** + * Holds if local variable `v` is live at entry to this basic block and + * `u` is a use of `v` witnessing the liveness. + */ + predicate localIsLiveAtEntry(LocalVariable v, VarUse u) { + this.isLocallyLiveAtEntry(v, u) + or + not this.defAt(_, v, _) and this.getASuccessor().localIsLiveAtEntry(v, u) + } + + /** + * Holds if local variable `v` is live at entry to this basic block. + */ + predicate localIsLiveAtEntry(LocalVariable v) { + this.isLocallyLiveAtEntry(v, _) + or + not this.defAt(_, v, _) and this.getASuccessor().localIsLiveAtEntry(v) + } + + /** + * Holds if `d` is a definition of `v` that is reachable from the beginning of + * this basic block without going through a redefinition of `v`. + */ + predicate localMayBeOverwritten(LocalVariable v, VarDef d) { + this.isLocallyOverwritten(v, d) + or + not this.defAt(_, v, _) and this.getASuccessor().localMayBeOverwritten(v, d) + } + + /** + * Gets the next index after `i` in this basic block at which `v` is + * defined or used, provided that `d` is a definition of `v` at index `i`. 
+ * If there are no further uses or definitions of `v` after `i`, the + * result is the length of this basic block. + */ + private int nextDefOrUseAfter(PurelyLocalVariable v, int i, VarDef d) { + this.defAt(i, v, d) and + result = + min(int j | + (this.defAt(j, v, _) or this.useAt(j, v, _) or j = this.length()) and + j > i + ) + } + + /** + * Holds if `d` defines variable `v` at the `i`th node of this basic block, and + * the definition is live, that is, the variable may be read after this + * definition and before a re-definition. + */ + predicate localLiveDefAt(PurelyLocalVariable v, int i, VarDef d) { + exists(int j | j = this.nextDefOrUseAfter(v, i, d) | + this.useAt(j, v, _) + or + j = this.length() and this.getASuccessor().localIsLiveAtEntry(v) + ) + } + + /** + * Holds if `u` is a use of `v` in this basic block, and there are + * no definitions of `v` before it. + */ + private predicate isLocallyLiveAtEntry(Variable v, VarUse u) { + exists(int n | this.useAt(n, v, u) | not exists(int m | m < n | this.defAt(m, v, _))) + } + + /** + * Holds if `d` is a definition of `v` in this basic block, and there are + * no other definitions of `v` before it. + */ + private predicate isLocallyOverwritten(Variable v, VarDef d) { + exists(int n | this.defAt(n, v, d) | not exists(int m | m < n | this.defAt(m, v, _))) + } + + /** + * Gets the basic block that immediately dominates this basic block. + */ + ReachableBasicBlock getImmediateDominator() { result = immediateDominator(this) } + + /** + * Holds if this if a basic block whose last node is an exit node. + */ + predicate isExitBlock() { exitBB(this) } + } + + /** + * An unreachable basic block, that is, a basic block + * whose first node is unreachable. + */ + class UnreachableBlock extends BasicBlock { + UnreachableBlock() { this.getFirstNode().isUnreachable() } + } + + /** + * An entry basic block, that is, a basic block + * whose first node is the entry node of a statement container. 
+ */ + class EntryBasicBlock extends BasicBlock { + EntryBasicBlock() { entryBB(this) } + } + + /** + * A basic block that is reachable from an entry basic block. + */ + class ReachableBasicBlock extends BasicBlock { + ReachableBasicBlock() { reachableBB(this) } + + /** + * Holds if this basic block strictly dominates `bb`. + */ + pragma[inline] + predicate strictlyDominates(ReachableBasicBlock bb) { this = immediateDominator+(bb) } + + /** + * Holds if this basic block dominates `bb`. + * + * This predicate is reflexive: each reachable basic block dominates itself. + */ + pragma[inline] + predicate dominates(ReachableBasicBlock bb) { this = immediateDominator*(bb) } + + /** + * Holds if this basic block strictly post-dominates `bb`. + */ + pragma[inline] + predicate strictlyPostDominates(ReachableBasicBlock bb) { this = immediatePostDominator+(bb) } + + /** + * Holds if this basic block post-dominates `bb`. + * + * This predicate is reflexive: each reachable basic block post-dominates itself. + */ + pragma[inline] + predicate postDominates(ReachableBasicBlock bb) { this = immediatePostDominator*(bb) } + } + + /** + * A reachable basic block with more than one predecessor. + */ + class ReachableJoinBlock extends ReachableBasicBlock { + ReachableJoinBlock() { this.getFirstNode().isJoin() } + + /** + * Holds if this basic block belongs to the dominance frontier of `b`, that is + * `b` dominates a predecessor of this block, but not this block itself. + * + * Algorithm from Cooper et al., "A Simple, Fast Dominance Algorithm" (Figure 5), + * who in turn attribute it to Ferrante et al., "The program dependence graph and + * its use in optimization". + */ + predicate inDominanceFrontierOf(ReachableBasicBlock b) { + b = this.getAPredecessor() and not b = this.getImmediateDominator() + or + exists(ReachableBasicBlock prev | this.inDominanceFrontierOf(prev) | + b = prev.getImmediateDominator() and + not b = this.getImmediateDominator() + ) + } + } +} 
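Review bot: in `isTestFile` in ClassifyFiles.qll (hunk `@@ -61,6 +61,8 @@`), the new disjunct `f.getBaseName().matches("%.test.%")` accepts `.test.` anywhere in the base name, so a file named `a.test.b.c` is classified as a test file just like `foo.test.js`. If only the `<name>.test.<ext>` convention is meant, tighten the pattern or state the intended scope in the predicate's QLDoc, and cover a name that should not match in the tests for this predicate if that is not done elsewhere in the change.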
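Review bot: in `isPackageUsed` in ApiGraphModelsSpecific.qll (hunk `@@ -56,13 +56,15 @@`), both data-flow-based disjuncts, `exists(DataFlow::moduleImport(package))` and `any(DataFlow::SourceNode sn).hasUnderlyingType(package, _)`, are replaced by syntactic checks on `JS::Import`, `JS::TypeName` and `JS::TypeAnnotation`, but nothing in the predicate says why. If the reason is that this predicate must not depend on `DataFlow`, a one-line comment saying so would keep a later edit from reintroducing the dependency. Please also confirm that every package the old disjuncts accepted is still accepted, since per the QLDoc a package for which this predicate does not hold is one whose models are not considered relevant.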
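Review bot: in the new BasicBlockInternal.qll, `immediateDominator` and `immediatePostDominator` are declared at file level without `private`, outside both the `Cached` and the `Public` module, so they become visible to anything that imports this file, next to the `Public` API. If `Public` is meant to be the exported surface and nothing outside this file uses the two predicates, mark them `private`; the uses visible here (`getImmediateDominator()` and the `dominates` / `postDominates` family) are all inside this file. Separately, the QLDoc on `isExitBlock()` has a typo: "Holds if this if a basic block" should read "Holds if this is a basic block".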
diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll index 39da790b6b9..470435ce23c 100644 --- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll +++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll @@ -25,6 +25,7 @@ private import StmtContainers private import semmle.javascript.dataflow.internal.PreCallGraphStep private import semmle.javascript.dataflow.internal.FlowSteps private import semmle.javascript.dataflow.internal.AccessPaths +private import semmle.javascript.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate /** * Contains a `cached module` for each stage. @@ -106,6 +107,30 @@ module Stages { } } + /** + * The part of data flow computed before flow summary nodes. + */ + cached + module EarlyDataFlowStage { + /** + * Always holds. + * Ensures that a predicate is evaluated as part of the early DataFlow stage. + */ + cached + predicate ref() { 1 = 1 } + + /** + * DONT USE! + * Contains references to each predicate that use the above `ref` predicate. + */ + cached + predicate backref() { + 1 = 1 + or + DataFlow::localFlowStep(_, _) + } + } + /** * The `dataflow` stage. */ @@ -128,8 +153,6 @@ module Stages { or exists(AmdModule a) or - DataFlow::localFlowStep(_, _) - or exists(any(DataFlow::SourceNode s).getAPropertyReference("foo")) or exists(any(Expr e).getExceptionTarget()) @@ -322,19 +345,7 @@ module Stages { or any(RegExpTerm t).isUsedAsRegExp() or - any(TaintTracking::AdditionalSanitizerGuardNode e).appliesTo(_) - } - - cached - class DummySanitizer extends TaintTracking::AdditionalSanitizerGuardNode { - cached - DummySanitizer() { none() } - - cached - override predicate appliesTo(TaintTracking::Configuration cfg) { none() } - - cached - override predicate sanitizes(boolean outcome, Expr e) { none() } + TaintTrackingPrivate::defaultTaintSanitizer(_) } } } 
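Review bot: in CachedStages.qll, `DataFlow::localFlowStep(_, _)` moves out of the `dataflow` stage's back-references (hunk `@@ -128,8 +153,6 @@`) and into the new `EarlyDataFlowStage::backref()` (hunk `@@ -106,6 +107,30 @@`), but the back-reference only pins the predicate to the new stage if `localFlowStep` itself calls `Stages::EarlyDataFlowStage::ref()`. That side of the change is not visible in this file, so please confirm the two are updated together. The module QLDoc, "The part of data flow computed before flow summary nodes", would also be easier to act on if it said which kinds of predicate belong in this stage rather than in the `dataflow` stage.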
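Review bot: in the last CachedStages.qll hunk (`@@ -322,19 +345,7 @@`), `DummySanitizer` is deleted outright although it was declared as a `cached class` with no `private` modifier, so any code that names it stops compiling. If nothing else refers to it, say so in the change description; otherwise it needs a deprecation step first. The same hunk swaps the back-reference `any(TaintTracking::AdditionalSanitizerGuardNode e).appliesTo(_)` for `TaintTrackingPrivate::defaultTaintSanitizer(_)`; a short comment on what now keeps sanitizer evaluation in this stage would help the next reader.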
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll new file mode 100644 index 00000000000..5935fa8bfd6 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -0,0 +1,13 @@ +private import AmbiguousCoreMethods +private import Arrays +private import AsyncAwait +private import ExceptionFlow +private import ForOfLoops +private import Generators +private import Iterators +private import JsonStringify +private import Maps +private import Promises +private import Sets +private import Strings +private import DynamicImportStep diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll new file mode 100644 index 00000000000..95981a6fb95 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll 
@@ -0,0 +1,151 @@ +/** + * Contains flow summaries for methods with a name that can found on more than one of the core types: Array, String, Map, Set, Promise. + * + * This is an overview of the ambiguous methods and the classes that contain them (not all of these require a flow summary): + * ``` + * at: String, Array + * concat: String, Array + * includes: String, Array + * indexOf: String, Array + * lastIndexOf: String, Array + * slice: String, Array + * entries: Array, Map, Set + * forEach: Array, Map, Set + * keys: Array, Map, Set + * values: Array, Map, Set + * clear: Map, Set + * delete: Map, Set + * has: Map, Set + * ``` + * + * (Promise is absent in the table above as there currently are no name clashes with Promise methods) + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +class At extends SummarizedCallable { + At() { this = "Array#at / String#at" } + + override InstanceCall getACallSimple() { result.getMethodName() = "at" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + // + // There is no flow for String#at since we currently consider single-character extraction to be too restrictive + } +} + +class Concat extends SummarizedCallable { + Concat() { this = "Array#concat / String#concat" } + + override InstanceCall getACallSimple() { result.getMethodName() = "concat" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this,0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this,0..]" and + output = "ReturnValue" + } +} + +class Slice extends SummarizedCallable { + Slice() { this = "Array#slice / String#slice" } + + override 
InstanceCall getACallSimple() { result.getMethodName() = "slice" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Entries extends SummarizedCallable { + Entries() { this = "Array#entries / Map#entries / Set#entries" } + + override InstanceCall getACall() { + result.getMethodName() = "entries" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement.Member[0]" + or + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement.Member[1]" + ) + } +} + +class ForEach extends SummarizedCallable { + ForEach() { this = "Array#forEach / Map#forEach / Set#forEach" } + + override InstanceCall getACallSimple() { result.getMethodName() = "forEach" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * array.forEach(callbackfn, thisArg) + * callbackfn(value, index, array) + */ + + ( + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]." 
+ ["MapKey", "SetElement"] and + output = "Argument[0].Parameter[1]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" // object being iterated over + or + input = "Argument[1]" and // thisArg + output = "Argument[0].Parameter[this]" + ) + } +} + +class Keys extends SummarizedCallable { + Keys() { this = "Array#keys / Map#keys / Set#keys" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "keys" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement" + } +} + +class Values extends SummarizedCallable { + Values() { this = "Array#values / Map#values / Set#values" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "values" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll new file mode 100644 index 00000000000..d9f0836d739 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll 
@@ -0,0 +1,593 @@ +/** + * Contains a summary for relevant methods on arrays. + * + * Note that some of Array methods are modelled in `AmbiguousCoreMethods.qll`, and `toString` is special-cased elsewhere. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +pragma[nomagic] +DataFlow::SourceNode arrayConstructorRef() { result = DataFlow::globalVarRef("Array") } + +pragma[nomagic] +private int firstSpreadIndex(ArrayExpr expr) { + result = min(int i | expr.getElement(i) instanceof SpreadElement) +} + +/** + * Store and read steps for an array literal. Since literals are not seen as calls, this is not a flow summary. + * + * In case of spread elements `[x, ...y]`, we generate a read from `y -> ...y` and then a store from `...y` into + * the array literal (to ensure constant-indices get broken up). 
+ */ +class ArrayLiteralStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ArrayExpr array, int i | + pred = array.getElement(i).flow() and + succ = array.flow() + | + if i >= firstSpreadIndex(array) + then contents = DataFlow::ContentSet::arrayElement() // after a spread operator, store into unknown indices + else contents = DataFlow::ContentSet::arrayElementFromInt(i) + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(SpreadElement spread | + spread = any(ArrayExpr array).getAnElement() and + pred = spread.getOperand().flow() and + succ = spread.flow() and + contents = DataFlow::ContentSet::arrayElement() + ) + } +} + +pragma[nomagic] +private predicate isForLoopVariable(Variable v) { + v.getADeclarationStatement() = any(ForStmt stmt).getInit() + or + // Handle the somewhat rare case: `for (v; ...; ++v) { ... }` + v.getADeclaration() = any(ForStmt stmt).getInit() +} + +private predicate isLikelyArrayIndex(Expr e) { + // Require that 'e' is of type number and refers to a for-loop variable. + // TODO: This is here to mirror the old behaviour. Experiment with turning the 'and' into an 'or'. + TTNumber() = unique(InferredType type | type = e.flow().analyze().getAType()) and + isForLoopVariable(e.(VarAccess).getVariable()) + or + e.(PropAccess).getPropertyName() = "length" +} + +/** + * A dynamic property store `obj[e] = rhs` seen as a potential array access. + * + * We need to restrict to cases where `e` is likely to be an array index, as + * propagating data between arbitrary unknown property accesses is too imprecise. 
+ */ +class DynamicArrayStoreStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Assignment assignment, IndexExpr lvalue | + lvalue = assignment.getLhs() and + not exists(lvalue.getPropertyName()) and + isLikelyArrayIndex(lvalue.getPropertyNameExpr()) and + contents = DataFlow::ContentSet::arrayElement() and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = lvalue.getBase().flow() + | + pred = assignment.(Assignment).getRhs().flow() + or + // for compound assignments, use the result of the operator + pred = assignment.(CompoundAssignExpr).flow() + ) + } +} + +class ArrayConstructorSummary extends SummarizedCallable { + ArrayConstructorSummary() { this = "Array constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = arrayConstructorRef().getAnInvocation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[0..]" and + output = "ReturnValue" + } +} + +/** + * A call to `join` with a separator argument. + * + * Calls without separators are modelled in `StringConcatenation.qll`. 
+ */ +class Join extends SummarizedCallable { + Join() { this = "Array#join" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "join" and + result.getNumArgument() = [0, 1] + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class CopyWithin extends SummarizedCallable { + CopyWithin() { this = "Array#copyWithin" } + + override InstanceCall getACallSimple() { result.getMethodName() = "copyWithin" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + or + // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class FlowIntoCallback extends SummarizedCallable { + FlowIntoCallback() { this = "Array method with flow into callback" } + + override InstanceCall getACallSimple() { + result.getMethodName() = ["every", "findIndex", "findLastIndex", "some"] + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class Filter extends SummarizedCallable { + Filter() { this = "Array#filter" } + + override InstanceCall getACallSimple() { result.getMethodName() = "filter" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + // Note: in case the filter condition 
acts as a barrier/sanitizer, + // it is up to the query to mark the 'filter' call as a barrier/sanitizer + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + ) + or + // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Fill extends SummarizedCallable { + Fill() { this = "Array#fill" } // TODO: clear contents if no interval is given + + override InstanceCall getACallSimple() { result.getMethodName() = "fill" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = ["ReturnValue.ArrayElement", "Argument[this].ArrayElement"] + } +} + +class FindLike extends SummarizedCallable { + FindLike() { this = "Array#find / Array#findLast" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["find", "findLast"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = ["Argument[0].Parameter[0]", "ReturnValue"] + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class FindLibrary extends SummarizedCallable { + FindLibrary() { this = "'array.prototype.find' / 'array-find'" } + + override DataFlow::CallNode getACallSimple() { + result = DataFlow::moduleImport(["array.prototype.find", "array-find"]).getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ArrayElement" and + output = ["Argument[1].Parameter[0]", "ReturnValue"] + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + ) + } +} + +class Flat extends SummarizedCallable { + private int depth; + + Flat() { this = "Array#flat(" + depth + ")" and depth 
in [1 .. 3] } + + override InstanceCall getACallSimple() { + result.getMethodName() = "flat" and + ( + result.getNumArgument() = 1 and + result.getArgument(0).getIntValue() = depth + or + depth = 1 and + result.getNumArgument() = 0 + ) + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]" + concat(int n | n in [0 .. depth] | ".ArrayElement") + or + exists(int partialDepth | partialDepth in [1 .. depth - 1] | + input = + "Argument[this]" + concat(int n | n in [0 .. partialDepth] | ".ArrayElement") + + ".WithoutArrayElement" + ) + ) and + output = "ReturnValue.ArrayElement" + } +} + +class FlatMap extends SummarizedCallable { + FlatMap() { this = "Array#flatMap" } + + override InstanceCall getACallSimple() { result.getMethodName() = "flatMap" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[1]" + or + input = "Argument[0].ReturnValue." 
+ ["ArrayElement", "WithoutArrayElement"] and + output = "ReturnValue.ArrayElement" + ) + } +} + +private DataFlow::CallNode arrayFromCall() { + // TODO: update fromAsync model when async iterators are supported + result = arrayConstructorRef().getAMemberCall(["from", "fromAsync"]) + or + result = DataFlow::moduleImport("array-from").getACall() +} + +class From1Arg extends SummarizedCallable { + From1Arg() { this = "Array.from(arg)" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and result.getNumArgument() = 1 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0]." + ["SetElement", "IteratorElement"] and + output = "ReturnValue.ArrayElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.ArrayElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.ArrayElement.Member[1]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + or + // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class FromManyArg extends SummarizedCallable { + FromManyArg() { this = "Array.from(arg, callback, [thisArg])" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and + result.getNumArgument() > 1 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." 
+ ["ArrayElement", "SetElement", "IteratorElement"] and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].MapKey" and + output = "Argument[1].Parameter[0].Member[0]" + or + input = "Argument[0].MapValue" and + output = "Argument[1].Parameter[0].Member[1]" + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} + +class Map extends SummarizedCallable { + Map() { this = "Array#map" } + + override InstanceCall getACallSimple() { + // Note that this summary may spuriously apply to library methods named `map` such as from lodash/underscore. + // However, this will not cause spurious flow, because for such functions, the first argument will be an array, not a callback, + // and every part of the summary below uses Argument[0] in a way that requires it to be a callback. + result.getMethodName() = "map" + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class Of extends SummarizedCallable { + Of() { this = "Array.of" } + + override DataFlow::CallNode getACallSimple() { + result = arrayConstructorRef().getAMemberCall("of") + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + } +} + +class Pop extends SummarizedCallable { + Pop() { this = "Array#pop" } + + override InstanceCall getACallSimple() { result.getMethodName() = "pop" } + 
+ override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class PushLike extends SummarizedCallable { + PushLike() { this = "Array#push / Array#unshift" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["push", "unshift"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = "Argument[this].ArrayElement" + } +} + +class ReduceLike extends SummarizedCallable { + ReduceLike() { this = "Array#reduce / Array#reduceRight" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reduce", "reduceRight"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * Signatures: + * reduce(callbackFn, [initialValue]) + * callbackfn(accumulator, currentValue, index, array) + */ + + ( + input = ["Argument[1]", "Argument[0].ReturnValue"] and + output = "Argument[0].Parameter[0]" // accumulator + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[1]" // currentValue + or + input = "Argument[this]" and + output = "Argument[0].Parameter[3]" // array + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class Reverse extends SummarizedCallable { + Reverse() { this = "Array#reverse / Array#toReversed" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reverse", "toReversed"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class Shift extends SummarizedCallable { + Shift() { this = "Array#shift" } + + override InstanceCall getACallSimple() { result.getMethodName() = "shift" } + + 
override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement[0]" and + output = "ReturnValue" + or + // ArrayElement[0] in the above summary is not automatically converted to a taint step, so manully add + // one from the array to the return value. + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Sort extends SummarizedCallable { + Sort() { this = "Array#sort / Array#toSorted" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["sort", "toSorted"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0,1]" + ) + } +} + +class Splice extends SummarizedCallable { + Splice() { this = "Array#splice" } + + override InstanceCall getACallSimple() { result.getMethodName() = "splice" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = ["Argument[this].ArrayElement", "ReturnValue.ArrayElement"] + ) + } +} + +class ToSpliced extends SummarizedCallable { + ToSpliced() { this = "Array#toSpliced" } + + override InstanceCall getACallSimple() { result.getMethodName() = "toSpliced" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class ArrayCoercionPackage extends FunctionalPackageSummary { + ArrayCoercionPackage() { this = 
"ArrayCoercionPackage" } + + override string getAPackageName() { result = ["arrify", "array-ify"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0].WithoutArrayElement" and + output = "ReturnValue.ArrayElement" + ) + or + // Explicitly add a taint step since WithArrayElement is not implicitly converted to a taint step + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class ArrayCopyingPackage extends FunctionalPackageSummary { + ArrayCopyingPackage() { this = "ArrayCopyingPackage" } + + override string getAPackageName() { result = ["array-union", "array-uniq", "uniq"] } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class ArrayFlatteningPackage extends FunctionalPackageSummary { + ArrayFlatteningPackage() { this = "ArrayFlatteningPackage" } + + override string getAPackageName() { + result = ["array-flatten", "arr-flatten", "flatten", "array.prototype.flat"] + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + // TODO: properly support these. For the moment we're just adding parity with the old model + preservesValue = false and + input = "Argument[0..]" and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll new file mode 100644 index 00000000000..a39b0e6f43d --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll 
@@ -0,0 +1,104 @@ +/** + * Contains flow steps to model flow through `async` functions and the `await` operator. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Steps modelling flow in an `async` function. + * + * Note about promise-coercion and flattening: + * - `await` preserves non-promise values, e.g. `await "foo"` is just `"foo"`. + * - `return` preserves existing promise values, and boxes other values in a promise. + * + * We rely on `expectsContent` and `clearsContent` to handle coercion/flattening without risk of creating a nested promise object. + * + * The following is a brief overview of the steps we generate: + * ```js + * async function foo() { + * await x; // x --- READ[promise-value] ---> await x + * await x; // x --- VALUE -----------------> await x (has clearsContent) + * await x; // x --- READ[promise-error] ---> exception target + * + * return x; // x --- VALUE --> return node (has expectsContent) + * return x; // x --- VALUE --> synthetic node (clearsContent) --- STORE[promise-value] --> return node + * + * // exceptional return node --> STORE[promise-error] --> return node + * } + * ``` + */ +class AsyncAwait extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + // We synthesize a clearsContent node to contain the values that need to be boxed in a promise before returning + node.(Function).isAsync() and + container.asSourceCallable() = node and + tag = "async-raw-return" + } + + override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + node = getSynthesizedNode(_, "async-raw-return") and + contents = DataFlow::ContentSet::promiseFilter() + or + // The result of 'await' cannot be a promise. 
This is needed for the local flow step into 'await' + node.asExpr() instanceof AwaitExpr and + contents = DataFlow::ContentSet::promiseFilter() + } + + override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + // The final return value must be a promise. This is needed for the local flow step into the return node. + exists(Function f | + f.isAsync() and + node = TFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseFilter() + ) + } + + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + exists(AwaitExpr await | + // Allow non-promise values to propagate through await. + pred = await.getOperand().flow() and + succ = await.flow() // clears promise-content + ) + or + exists(Function f | + // To avoid creating a nested promise, flow to two different nodes which only permit promises/non-promises respectively + f.isAsync() and + pred = f.getAReturnedExpr().flow() + | + succ = getSynthesizedNode(f, "async-raw-return") // clears promise-content + or + succ = TFunctionReturnNode(f) // expects promise-content + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(AwaitExpr await | pred = await.getOperand().flow() | + contents = DataFlow::ContentSet::promiseValue() and + succ = await.flow() + or + contents = DataFlow::ContentSet::promiseError() and + succ = await.getExceptionTarget() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Function f | f.isAsync() | + // Box returned non-promise values in a promise + pred = getSynthesizedNode(f, "async-raw-return") and + contents = DataFlow::ContentSet::promiseValue() and + succ = TFunctionReturnNode(f) + or + // Store thrown exceptions in promise-error + pred = TExceptionalFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseError() and + succ = TFunctionReturnNode(f) + ) + } +} 
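Review bot: In AsyncAwait.qll, the `storeStep` disjunct that stores `TExceptionalFunctionReturnNode(f)` into `promiseError()` on `TFunctionReturnNode(f)` adds the boxed path for a thrown exception, but nothing in this file stops the same exceptional return node from also flowing to the caller as an ordinary synchronous exception. An `async` function never throws synchronously, so if that generic edge still exists the caller's `catch` would see the value both as a thrown exception and as a rejected promise. Could you confirm the synchronous edge is suppressed elsewhere for `f.isAsync()`, and add one line to the overview comment saying where? A test with `try { asyncFn() } catch (e) { sink(e) }` expecting no flow would pin this down.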
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll new file mode 100644 index 00000000000..2976b467315 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/DynamicImportStep.qll @@ -0,0 +1,39 @@ +/** + * Contains flow steps to model flow from a module into a dynamic `import()` expression. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Flow steps for dynamic import expressions. + * + * The default export of the imported module must be boxed in a promise, so we pass + * it through a synthetic node. + */ +class DynamicImportStep extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + node instanceof DynamicImportExpr and + tag = "imported-value" and + container.asSourceCallable() = node.getContainer() + } + + override predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(DynamicImportExpr expr | + pred = expr.getImportedModule().getAnExportedValue("default") and + succ = getSynthesizedNode(expr, "imported-value") + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DynamicImportExpr expr | + pred = getSynthesizedNode(expr, "imported-value") and + contents = DataFlow::ContentSet::promiseValue() and + succ = TValueNode(expr) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll new file mode 100644 index 00000000000..252baab207b --- /dev/null 
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll 
@@ -0,0 +1,48 @@ +/** + * Contains a summary for propagating exceptions out of callbacks + */ + +private import javascript +private import FlowSummaryUtil +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.internal.flow_summaries.Promises + +private predicate isCallback(DataFlow::SourceNode node) { + node instanceof DataFlow::FunctionNode + or + node instanceof DataFlow::PartialInvokeNode + or + exists(DataFlow::SourceNode prev | + isCallback(prev) and + DataFlow::argumentPassingStep(_, prev.getALocalUse(), _, node) + ) +} + +/** + * Summary that propagates exceptions out of callbacks back to the caller. + * + * This summary only applies to calls that have no other call targets. + * See also `FlowSummaryDefaultExceptionalReturn`, which handles calls that have a summary target, + * but where the summary does not mention `ReturnValue[exception]`. + */ +private class ExceptionFlowSummary extends SummarizedCallable, LibraryCallableInternal { + ExceptionFlowSummary() { this = "Exception propagator" } + + override DataFlow::CallNode getACallStage2() { + not exists(result.getACallee()) and + not exists(SummarizedCallable c | result = [c.getACall(), c.getACallSimple()]) and + // Avoid a few common cases where the exception should not propagate back + not result.getCalleeName() = ["addEventListener", EventEmitter::on()] and + not result = promiseConstructorRef().getAnInvocation() and + // Restrict to cases where a callback is known to flow in, as lambda flow in DataFlowImplCommon blows up otherwise + isCallback(result.getAnArgument().getALocalSource()) + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..].ReturnValue[exception]" and + output = "ReturnValue[exception]" + } +} 
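Review bot: In ExceptionFlow.qll, `isCallback` has no QLDoc, and its third disjunct (recursing through `DataFlow::argumentPassingStep(_, prev.getALocalUse(), _, node)`) is the part that decides how far `ExceptionFlowSummary` reaches. Since the comment in `getACallStage2` says this restriction exists because lambda flow "blows up otherwise", please document on the predicate what it is meant to cover (function values, partial invocations, and parameters that receive one of those) and that it is a deliberate over-approximation used only as a performance guard. It would also help to note next to `not result.getCalleeName() = ["addEventListener", EventEmitter::on()]` that the exclusion is by callee name only, so an unrelated method with the same name also loses exception propagation.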
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll new file mode 100644 index 00000000000..a5df1d4716a --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll 
@@ -0,0 +1,51 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.internal.Contents::Private + +/** + * A method call or a reflective invocation (`call` or `apply`) that takes a receiver. + * + * Note that `DataFlow::MethodCallNode` does not include reflective invocation. + */ +class InstanceCall extends DataFlow::CallNode { + InstanceCall() { exists(this.getReceiver()) } + + /** Gets the name of method being invoked */ + string getMethodName() { result = this.getCalleeName() } +} + +/** + * A summary a function that is the default export from an NPM package. + */ +abstract class FunctionalPackageSummary extends SummarizedCallable { + bindingset[this] + FunctionalPackageSummary() { any() } + + /** Gets a name of a package for which this summary applies. */ + abstract string getAPackageName(); + + override DataFlow::InvokeNode getACallSimple() { + result = DataFlow::moduleImport(this.getAPackageName()).getAnInvocation() + } + + override DataFlow::InvokeNode getACall() { + result = API::moduleImport(this.getAPackageName()).getAnInvocation() + } +} + +/** + * Gets a content from a set of contents that together represent all valid array indices. + * + * This can be used to generate flow summaries that should preserve precise array indices, + * in cases where `WithArrayElement` is not sufficient. + */ +string getAnArrayContent() { + // Values stored at a known, small index + result = "ArrayElement[" + getAPreciseArrayIndex() + "!]" + or + // Values stored at a known, but large index + result = "ArrayElement[" + (getMaxPreciseArrayIndex() + 1) + "..]" + or + // Values stored at an unknown index + result = "ArrayElement[?]" +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll new file mode 100644 index 00000000000..ecc84170026 --- /dev/null 
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll 
@@ -0,0 +1,59 @@ +/** + * Contains flow steps to model flow through `for..of` loops. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +class ForOfLoopStep extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + // Intermediate nodes to convert (MapKey, MapValue) to a `[key, value]` array. + // + // For the loop `for (let lvalue of domain)` we generate the following steps: + // + // domain --- READ[MapKey] ---> synthetic node 1 --- STORE[0] ---> lvalue + // domain --- READ[MapValue] ---> synthetic node 2 --- STORE[1] ---> lvalue + // + node instanceof ForOfStmt and + tag = ["for-of-map-key", "for-of-map-value"] and + container.asSourceCallable() = node.getContainer() + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ForOfStmt stmt | pred = stmt.getIterationDomain().flow() | + contents = + [ + DataFlow::ContentSet::arrayElement(), DataFlow::ContentSet::setElement(), + DataFlow::ContentSet::iteratorElement() + ] and + succ = DataFlow::lvalueNode(stmt.getLValue()) + or + contents = DataFlow::ContentSet::mapKey() and + succ = getSynthesizedNode(stmt, "for-of-map-key") + or + contents = DataFlow::ContentSet::mapValueAll() and + succ = getSynthesizedNode(stmt, "for-of-map-value") + or + contents = DataFlow::ContentSet::iteratorError() and + succ = stmt.getIterationDomain().getExceptionTarget() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ForOfStmt stmt | + pred = getSynthesizedNode(stmt, "for-of-map-key") and + contents.asSingleton().asArrayIndex() = 0 + or + pred = getSynthesizedNode(stmt, "for-of-map-value") and + 
contents.asSingleton().asArrayIndex() = 1 + | + succ = DataFlow::lvalueNode(stmt.getLValue()) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll new file mode 100644 index 00000000000..e187b5751cf --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll 
@@ -0,0 +1,59 @@ +/** + * Contains flow steps to model flow through generator functions. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal + +/** + * Steps modelling flow out of a generator function: + * ```js + * function* foo() { + * yield x; // store 'x' in the return value's IteratorElement + * yield* y; // flow directly to return value, which has expectsContent, so only iterator contents can pass through. + * throw z; // store 'z' in the return value's IteratorError + * } + * ``` + */ +class GeneratorFunctionStep extends AdditionalFlowInternal { + override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + // Ensure that the return value can only return iterator contents. This is needed for 'yield*'. + exists(Function fun | + fun.isGenerator() and + node = TFunctionReturnNode(fun) and + contents = DataFlow::ContentSet::iteratorFilter() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + // `yield x`. Store into the return value's iterator element. + exists(Function fun, YieldExpr yield | fun.isGenerator() | + not yield.isDelegating() and + yield.getContainer() = fun and + pred = yield.getOperand().flow() and + contents = DataFlow::ContentSet::iteratorElement() and + succ = TFunctionReturnNode(fun) + ) + or + exists(Function f | f.isGenerator() | + // Store thrown exceptions in the iterator-error + pred = TExceptionalFunctionReturnNode(f) and + succ = TFunctionReturnNode(f) and + contents = DataFlow::ContentSet::iteratorError() + ) + } + + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + // `yield* x`. Flow into the return value, which has expectsContent, so only iterator contents can pass through. 
+ exists(Function fun, YieldExpr yield | + fun.isGenerator() and + yield.getContainer() = fun and + yield.isDelegating() and + pred = yield.getOperand().flow() and + succ = TFunctionReturnNode(fun) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll new file mode 100644 index 00000000000..e9937363c01 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll @@ -0,0 +1,29 @@ +/** + * Contains flow summaries and steps modelling flow through iterators. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import FlowSummaryUtil + +class IteratorNext extends SummarizedCallable { + IteratorNext() { this = "Iterator#next" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "next" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].IteratorElement" and + output = "ReturnValue.Member[value]" + or + input = "Argument[this].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll new file mode 100644 index 00000000000..ecd2dcdfc79 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll 
@@ -0,0 +1,20 @@ +/** + * Contains implicit read steps at the input to any function that converts a deep object to a string, such as `JSON.stringify`. + */ + +private import javascript +private import FlowSummaryUtil +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.FlowSummary + +private class JsonStringifySummary extends SummarizedCallable { + JsonStringifySummary() { this = "JSON.stringify" } + + override DataFlow::InvokeNode getACall() { result instanceof JsonStringifyCall } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + input = ["Argument[0]", "Argument[0].AnyMemberDeep"] and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll new file mode 100644 index 00000000000..61cc1d148c6 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll 
@@ -0,0 +1,140 @@ +/** + * Contains flow summaries and steps modelling flow through `Map` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode mapConstructorRef() { result = DataFlow::globalVarRef("Map") } + +class MapConstructor extends SummarizedCallable { + MapConstructor() { this = "Map constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = mapConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[0]" and + output = "ReturnValue.MapKey" + or + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[1]" and + output = "ReturnValue.MapValue" + or + input = ["Argument[0].WithMapKey", "Argument[0].WithMapValue"] and + output = "ReturnValue" + ) + } +} + +/** + * A read step for `Map#get`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. + */ +class MapGetStep extends DataFlow::AdditionalFlowStep { + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + pred = call.getReceiver() and + succ = call + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueAll() + ) + } +} + +/** + * A read step for `Map#set`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. 
+ */ +class MapSetStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "set" and + call.getNumArgument() = 2 and + pred = call.getArgument(1) and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = call.getReceiver() + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueWithUnknownKey() + ) + } +} + +class MapGet extends SummarizedCallable { + MapGet() { this = "Map#get" } + + override DataFlow::MethodCallNode getACallSimple() { + none() and // TODO: Disabled for now - need MaD syntax for known map values + result.getMethodName() = "get" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].MapValue" and + output = "ReturnValue" + } +} + +class MapSet extends SummarizedCallable { + MapSet() { this = "Map#set" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "set" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = ["Argument[this].WithMapKey", "Argument[this].WithMapValue"] and + output = "ReturnValue" + or + preservesValue = true and + none() and // TODO: Disabled for now - need MaD syntax for known map values + ( + input = "Argument[0]" and + output = "Argument[this].MapKey" + or + input = "Argument[1]" and + output = "Argument[this].MapValue" + ) + } +} + +class MapGroupBy extends SummarizedCallable { + MapGroupBy() { this = "Map#groupBy" } + + override DataFlow::CallNode getACallSimple() { + result = mapConstructorRef().getAMemberCall("groupBy") and + 
result.getNumArgument() = 2 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ArrayElement" and + output = ["Argument[1].Parameter[0]", "ReturnValue.MapValue.ArrayElement"] + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue.MapKey" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll new file mode 100644 index 00000000000..33299a3f5c0 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll 
@@ -0,0 +1,324 @@ +/** + * Contains flow summaries and steps modelling flow through `Promise` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +DataFlow::SourceNode promiseConstructorRef() { + result = Promises::promiseConstructorRef() + or + result = DataFlow::moduleImport("bluebird") + or + result = DataFlow::moduleMember(["q", "kew", "bluebird"], "Promise") // note: bluebird.Promise == bluebird + or + result = Closure::moduleImport("goog.Promise") +} + +// +// Note that the 'Awaited' token has a special interpretation. +// See a write-up here: https://github.com/github/codeql-javascript-team/issues/423 +// +private class PromiseConstructor extends SummarizedCallable { + PromiseConstructor() { this = "new Promise()" } + + override DataFlow::InvokeNode getACallSimple() { + // Disabled for now. The field-flow branch limit will be negatively affected by having + // calls to multiple variants of `new Promise()`. + none() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: when FlowSummaryImpl.qll supports these summaries, remove the workaround in PromiseConstructorWorkaround + // resolve(value) + input = "Argument[0].Parameter[0].Argument[0]" and output = "ReturnValue.Awaited" + or + // reject(value) + input = "Argument[0].Parameter[1].Argument[0]" and output = "ReturnValue.Awaited[error]" + or + // throw from executor + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + ) + } +} + +/** + * A workaround to the `PromiseConstructor`, to be used until FlowSummaryImpl.qll has sufficient support + * for callbacks. 
+ */ +module PromiseConstructorWorkaround { + class ResolveSummary extends SummarizedCallable { + ResolveSummary() { this = "new Promise() resolve callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(0).getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[resolve-value]" + } + } + + class RejectCallback extends SummarizedCallable { + RejectCallback() { this = "new Promise() reject callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(1).getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[reject-value]" + } + } + + class ConstructorSummary extends SummarizedCallable { + ConstructorSummary() { this = "new Promise() workaround" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Parameter[0].Member[resolve-value]" and + output = "ReturnValue.Awaited" + or + input = "Argument[0].Parameter[1].Member[reject-value]" and + output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and + output = "ReturnValue.Awaited[error]" + ) + } + } +} + +private class PromiseThen2Arguments extends SummarizedCallable { + PromiseThen2Arguments() { this = "Promise#then() with 2 arguments" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlow(string input, string 
output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0,1].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0,1].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[1].Parameter[0]" + ) + } +} + +private class PromiseThen1Argument extends SummarizedCallable { + PromiseThen1Argument() { this = "Promise#then() with 1 argument" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].WithAwaited[error]" and output = "ReturnValue" + ) + } +} + +private class PromiseCatch extends SummarizedCallable { + PromiseCatch() { this = "Promise#catch()" } + + override InstanceCall getACallSimple() { result.getMethodName() = "catch" } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "ReturnValue.Awaited[value]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[0].Parameter[0]" + ) + } +} + +private class PromiseFinally extends SummarizedCallable { + PromiseFinally() { this = "Promise#finally()" } + + override InstanceCall getACallSimple() { result.getMethodName() = "finally" } + + 
override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue.Awaited[error]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].WithAwaited[value,error]" and output = "ReturnValue" + ) + } +} + +private class PromiseResolve extends SummarizedCallable { + PromiseResolve() { this = "Promise.resolve()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("resolve") + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseReject extends SummarizedCallable { + PromiseReject() { this = "Promise.reject()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("reject") + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited[error]" + } +} + +private class PromiseAll extends SummarizedCallable { + PromiseAll() { this = "Promise.all()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("all") + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." 
+ content + ) + or + preservesValue = true and + input = "Argument[0].ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + or + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +private class PromiseAnyLike extends SummarizedCallable { + PromiseAnyLike() { this = "Promise.any() or Promise.race()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["any", "race", "firstFulfilled"]) + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseAllSettled extends SummarizedCallable { + PromiseAllSettled() { this = "Promise.allSettled()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("allSettled") + or + result = DataFlow::moduleImport("promise.allsettled").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." + content + ".Member[value]" + or + input = "Argument[0]." + content + ".Awaited[error]" and + output = "ReturnValue.Awaited[value]." 
+ content + ".Member[reason]" + ) + } +} + +private class BluebirdMapSeries extends SummarizedCallable { + BluebirdMapSeries() { this = "bluebird.mapSeries" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("mapSeries") + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Awaited.ArrayElement.Awaited" and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].Awaited.ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[0].WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[1].ReturnValue.Awaited" and + output = "ReturnValue.Awaited.ArrayElement" + or + input = "Argument[1].ReturnValue.WithAwaited[error]" and + output = "ReturnValue" + ) + } +} + +/** + * - `Promise.withResolvers`, a method pending standardization, + * - `goog.Closure.withResolver()` (non-plural spelling) + * - `bluebird.Promise.defer()` + */ +private class PromiseWithResolversLike extends SummarizedCallable { + PromiseWithResolversLike() { this = "Promise.withResolvers()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["withResolver", "withResolvers", "defer"]) + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: not currently supported by FlowSummaryImpl.qll + input = "ReturnValue.Member[resolve].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited" + or + input = "ReturnValue.Member[reject].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited[error]" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll new file mode 100644 index 00000000000..34f7d222df8 --- /dev/null 
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll @@ -0,0 +1,46 @@ +/** + * Contains flow summaries and steps modelling flow through `Set` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode setConstructorRef() { result = DataFlow::globalVarRef("Set") } + +class SetConstructor extends SummarizedCallable { + SetConstructor() { this = "Set constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = setConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] and + output = "ReturnValue.SetElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.SetElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.SetElement.Member[1]" + ) + } +} + +class SetAdd extends SummarizedCallable { + SetAdd() { this = "Set#add" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "add" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[this].SetElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll new file mode 100644 index 00000000000..154668cde08 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
@@ -0,0 +1,101 @@ +/** + * Contains flow summaries and steps modelling flow through string methods. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary + +/** + * Summary for calls to `.replace` or `.replaceAll` (without a regexp pattern containing a wildcard). + */ +private class StringReplaceNoWildcard extends SummarizedCallable { + StringReplaceNoWildcard() { + this = "String#replace / String#replaceAll (without wildcard pattern)" + } + + override StringReplaceCall getACall() { not result.hasRegExpContainingWildcard() } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this]" and + output = "ReturnValue" + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue" + ) + } +} + +/** + * Summary for calls to `.replace` or `.replaceAll` (with a regexp pattern containing a wildcard). + * + * In this case, the receiver is considered to flow into the callback. 
+ */ +private class StringReplaceWithWildcard extends SummarizedCallable { + StringReplaceWithWildcard() { + this = "String#replace / String#replaceAll (with wildcard pattern)" + } + + override StringReplaceCall getACall() { result.hasRegExpContainingWildcard() } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this]" and + output = ["ReturnValue", "Argument[1].Parameter[0]"] + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class StringSplit extends SummarizedCallable { + StringSplit() { this = "String#split" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "split" and + result.getNumArgument() = [1, 2] and + not result.getArgument(0).getStringValue() = ["#", "?"] + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue.ArrayElement" + } +} + +/** + * A call of form `x.split("#")` or `x.split("?")`. + * + * These are of special significance when tracking a tainted URL suffix, such as `window.location.href`, + * because the first element of the resulting array should not be considered tainted. + * + * This summary defaults to the same behaviour as the general `.split()` case, but it contains optional steps + * and barriers named `tainted-url-suffix` that should be activated when tracking a tainted URL suffix. 
+ */ +class StringSplitHashOrQuestionMark extends SummarizedCallable { + StringSplitHashOrQuestionMark() { this = "String#split with '#' or '?'" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "split" and + result.getNumArgument() = [1, 2] and + result.getArgument(0).getStringValue() = ["#", "?"] + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this].OptionalBarrier[split-url-suffix]" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[this].OptionalStep[split-url-suffix-pre]" and + output = "ReturnValue.ArrayElement[0]" + or + input = "Argument[this].OptionalStep[split-url-suffix-post]" and + output = "ReturnValue.ArrayElement[1]" // TODO: support ArrayElement[1..] + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/CommonFlowState.qll b/javascript/ql/lib/semmle/javascript/security/CommonFlowState.qll new file mode 100644 index 00000000000..52e1e0d00f3 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/security/CommonFlowState.qll 
@@ -0,0 +1,90 @@ +/** + * Contains a class with flow states that are used by multiple queries. + */ + +private import javascript +private import TaintedUrlSuffixCustomizations +private import TaintedObjectCustomizations + +private newtype TFlowState = + TTaint() or + TTaintedUrlSuffix() or + TTaintedPrefix() or + TTaintedObject() + +/** + * A flow state indicating which part of a value is tainted. + */ +class FlowState extends TFlowState { + /** + * Holds if this represents a value that is considered entirely tainted, except the first character + * might not be user-controlled. + */ + predicate isTaint() { this = TTaint() } + + /** + * Holds if this represents a URL whose fragment and/or query parts are considered tainted. + */ + predicate isTaintedUrlSuffix() { this = TTaintedUrlSuffix() } + + /** + * Holds if this represents a string whose prefix is known to be tainted. + */ + predicate isTaintedPrefix() { this = TTaintedPrefix() } + + /** + * Holds if this represents a deeply tainted object, such as a JSON object + * parsed from user-controlled data. + */ + predicate isTaintedObject() { this = TTaintedObject() } + + /** Gets a string representation of this flow state. */ + string toString() { + this.isTaint() and result = "taint" + or + this.isTaintedUrlSuffix() and result = "tainted-url-suffix" + or + this.isTaintedPrefix() and result = "tainted-prefix" + or + this.isTaintedObject() and result = "tainted-object" + } + + /** DEPRECATED. Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this.isTaint() and result.isTaint() + or + this.isTaintedUrlSuffix() and result = TaintedUrlSuffix::label() + or + this.isTaintedPrefix() and result = "PrefixString" + or + this.isTaintedObject() and result = TaintedObject::label() + } +} + +/** Convenience predicates for working with common flow states. 
*/ +module FlowState { + /** + * Gets the flow state representing a value that is considered entirely tainted, except the first character + * might not be user-controlled. + */ + FlowState taint() { result.isTaint() } + + /** + * Gets the flow state representing a URL whose fragment and/or query parts are considered tainted. + */ + FlowState taintedUrlSuffix() { result.isTaintedUrlSuffix() } + + /** + * Gets the flow state representing a string whose prefix is known to be tainted. + */ + FlowState taintedPrefix() { result.isTaintedPrefix() } + + /** + * Gets the flow state representing a deeply tainted object, such as a JSON object + * parsed from user-controlled data. + */ + FlowState taintedObject() { result.isTaintedObject() } + + /** DEPRECATED. Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } +} diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll index 3022bded373..a300291ae9c 100644 --- a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll +++ b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll @@ -7,10 +7,10 @@ * * To track deeply tainted objects, a flow-tracking configuration should generally include the following: * - * 1. One or more sinks associated with the label `TaintedObject::label()`. - * 2. The sources from `TaintedObject::isSource`. - * 3. The flow steps from `TaintedObject::step`. - * 4. The sanitizing guards `TaintedObject::SanitizerGuard`. + * 1. One or more sinks associated with the flow state `FlowState::taintedObject()`. + * 2. The sources from `TaintedObject::Source`. + * 3. The flow steps from `TaintedObject::isAdditionalFlowStep`. + * 4. The barriers from `TaintedObject::SanitizerGuard::getABarrierNode(state)`. */ import javascript 
@@ -22,56 +22,67 @@ module TaintedObject { import TaintedObjectCustomizations::TaintedObject // Materialize flow labels - private class ConcreteTaintedObjectLabel extends TaintedObjectLabel { + deprecated private class ConcreteTaintedObjectLabel extends TaintedObjectLabel { ConcreteTaintedObjectLabel() { this = this } } + /** + * DEPRECATED. Use `isAdditionalFlowStep(node1, state1, node2, state2)` instead. + */ + deprecated predicate step(Node src, Node trg, FlowLabel inlbl, FlowLabel outlbl) { + isAdditionalFlowStep(src, FlowState::fromFlowLabel(inlbl), trg, FlowState::fromFlowLabel(outlbl)) + } + /** * Holds for the flows steps that are relevant for tracking user-controlled JSON objects. */ - predicate step(Node src, Node trg, FlowLabel inlbl, FlowLabel outlbl) { + predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { // JSON parsers map tainted inputs to tainted JSON - inlbl.isDataOrTaint() and - outlbl = label() and + state1.isTaint() and + state2.isTaintedObject() and exists(JsonParserCall parse | - src = parse.getInput() and - trg = parse.getOutput() + node1 = parse.getInput() and + node2 = parse.getOutput() ) or // Property reads preserve deep object taint. 
- inlbl = label() and - outlbl = label() and - trg.(PropRead).getBase() = src + state1.isTaintedObject() and + state2.isTaintedObject() and + node2.(PropRead).getBase() = node1 or // Property projection preserves deep object taint - inlbl = label() and - outlbl = label() and - trg.(PropertyProjection).getObject() = src + state1.isTaintedObject() and + state2.isTaintedObject() and + node2.(PropertyProjection).getObject() = node1 or // Extending objects preserves deep object taint - inlbl = label() and - outlbl = label() and + state1.isTaintedObject() and + state2.isTaintedObject() and exists(ExtendCall call | - src = call.getAnOperand() and - trg = call + node1 = call.getAnOperand() and + node2 = call or - src = call.getASourceOperand() and - trg = call.getDestinationOperand().getALocalSource() + node1 = call.getASourceOperand() and + node2 = call.getDestinationOperand().getALocalSource() ) or // Spreading into an object preserves deep object taint: `p -> { ...p }` - inlbl = label() and - outlbl = label() and + state1.isTaintedObject() and + state2.isTaintedObject() and exists(ObjectLiteralNode obj | - src = obj.getASpreadProperty() and - trg = obj + node1 = obj.getASpreadProperty() and + node2 = obj ) } /** + * DEPRECATED. Use the `Source` class and `FlowState#isTaintedObject()` directly. + * * Holds if `node` is a source of JSON taint and label is the JSON taint label. */ - predicate isSource(Node source, FlowLabel label) { source instanceof Source and label = label() } + deprecated predicate isSource(Node source, FlowLabel label) { + source instanceof Source and label = label() + } /** Request input accesses as a JSON source. */ private class RequestInputAsSource extends Source { 
@@ -81,7 +92,37 @@ module TaintedObject { /** * A sanitizer guard that blocks deep object taint. */ - abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode { } + abstract class SanitizerGuard extends DataFlow::Node { + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** Holds if this node blocks flow of `state` through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + deprecated private class SanitizerGuardLegacy extends TaintTracking::LabeledSanitizerGuardNode instanceof SanitizerGuard + { + deprecated override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + SanitizerGuard.super.sanitizes(outcome, e, label) + } + + deprecated override predicate sanitizes(boolean outcome, Expr e) { + SanitizerGuard.super.sanitizes(outcome, e) + } + } + + /** + * A sanitizer guard that blocks deep object taint. + */ + module SanitizerGuard = DataFlow::MakeStateBarrierGuard; /** * A test of form `typeof x === "something"`, preventing `x` from being an object in some cases. @@ -103,10 +144,10 @@ module TaintedObject { ) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { polarity = outcome and e = operand and - label = label() + state.isTaintedObject() } } 
@@ -117,7 +158,7 @@ module TaintedObject { NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A guard that checks whether an input a valid string identifier using `mongoose.Types.ObjectId.isValid` */ @@ -131,8 +172,8 @@ module TaintedObject { .getACall() } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel lbl) { - e = super.getAnArgument().asExpr() and outcome = true and lbl = label() + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + e = super.getAnArgument().asExpr() and outcome = true and state.isTaintedObject() } } @@ -145,10 +186,10 @@ module TaintedObject { JsonSchemaValidationGuard() { this = call.getAValidationResultAccess(polarity) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { outcome = polarity and e = call.getInput().asExpr() and - label = label() + state.isTaintedObject() } } } diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedObjectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/TaintedObjectCustomizations.qll index 8e0fd38f15a..5dc687deeca 100644 --- a/javascript/ql/lib/semmle/javascript/security/TaintedObjectCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/TaintedObjectCustomizations.qll @@ -7,8 +7,10 @@ import javascript /** Provides classes and predicates for reasoning about deeply tainted objects. */ module TaintedObject { + import CommonFlowState + /** A flow label representing a deeply tainted object. */ - abstract class TaintedObjectLabel extends DataFlow::FlowLabel { + abstract deprecated class TaintedObjectLabel extends DataFlow::FlowLabel { TaintedObjectLabel() { this = "tainted-object" } } 
@@ -19,7 +21,7 @@ module TaintedObject { * * Note that the presence of the this label generally implies the presence of the `taint` label as well. */ - DataFlow::FlowLabel label() { result instanceof TaintedObjectLabel } + deprecated DataFlow::FlowLabel label() { result instanceof TaintedObjectLabel } /** * A source of a user-controlled deep object. diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll b/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll index 68a4f1c8d8e..1d4ff0c4b7f 100644 --- a/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll +++ b/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffix.qll 
@@ -10,105 +10,9 @@ import javascript * which we collectively refer to as the "suffix" of the URL. */ module TaintedUrlSuffix { - private import DataFlow + import TaintedUrlSuffixCustomizations::TaintedUrlSuffix - /** - * The flow label representing a URL with a tainted query and fragment part. - * - * Can also be accessed using `TaintedUrlSuffix::label()`. - */ - class TaintedUrlSuffixLabel extends FlowLabel { - TaintedUrlSuffixLabel() { this = "tainted-url-suffix" } - } - - /** - * Gets the flow label representing a URL with a tainted query and fragment part. - */ - FlowLabel label() { result instanceof TaintedUrlSuffixLabel } - - /** Gets a remote flow source that is a tainted URL query or fragment part from `window.location`. */ - ClientSideRemoteFlowSource source() { - result = DOM::locationRef().getAPropertyRead(["search", "hash"]) - or - result = DOM::locationSource() - or - result.getKind().isUrl() - } - - /** Holds for `pred -> succ` is a step of form `x -> x.p` */ - private predicate isSafeLocationProp(DataFlow::PropRead read) { - // Ignore properties that refer to the scheme, domain, port, auth, or path. - read.getPropertyName() = - [ - "protocol", "scheme", "host", "hostname", "domain", "origin", "port", "path", "pathname", - "username", "password", "auth" - ] - } - - /** - * Holds if there is a flow step `src -> dst` involving the URL suffix taint label. - * - * This handles steps through string operations, promises, URL parsers, and URL accessors. - */ - predicate step(Node src, Node dst, FlowLabel srclbl, FlowLabel dstlbl) { - // Inherit all ordinary taint steps except `x -> x.p` steps - srclbl = label() and - dstlbl = label() and - TaintTracking::sharedTaintStep(src, dst) and - not isSafeLocationProp(dst) - or - // Transition from URL suffix to full taint when extracting the query/fragment part. 
- srclbl = label() and - dstlbl.isTaint() and - ( - exists(MethodCallNode call, string name | - src = call.getReceiver() and - dst = call and - name = call.getMethodName() - | - // Substring that is not a prefix - name = StringOps::substringMethodName() and - not call.getArgument(0).getIntValue() = 0 - or - // Split around '#' or '?' and extract the suffix - name = "split" and - call.getArgument(0).getStringValue() = ["#", "?"] and - not exists(call.getAPropertyRead("0")) // Avoid false flow to the prefix - or - // Replace '#' and '?' with nothing - name = "replace" and - call.getArgument(0).getStringValue() = ["#", "?"] and - call.getArgument(1).getStringValue() = "" - or - // The `get` call in `url.searchParams.get(x)` and `url.hashParams.get(x)` - // The step should be safe since nothing else reachable by this flow label supports a method named 'get'. - name = "get" - or - // Methods on URL objects from the Closure library - name = "getDecodedQuery" - or - name = "getFragment" - or - name = "getParameterValue" - or - name = "getParameterValues" - or - name = "getQueryData" - ) - or - exists(PropRead read | - src = read.getBase() and - dst = read and - // Unlike the `search` property, the `query` property from `url.parse` does not include the `?`. - read.getPropertyName() = "query" - ) - or - // Assume calls to regexp.exec always extract query/fragment parameters. - exists(MethodCallNode call | - call = any(RegExpLiteral re).flow().(DataFlow::SourceNode).getAMethodCall("exec") and - src = call.getArgument(0) and - dst = call - ) - ) + deprecated private class ConcreteTaintedUrlSuffixLabel extends TaintedUrlSuffixLabel { + ConcreteTaintedUrlSuffixLabel() { this = this } } } diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffixCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffixCustomizations.qll new file mode 100644 index 00000000000..ee6cf5da6d9 --- /dev/null 
+++ b/javascript/ql/lib/semmle/javascript/security/TaintedUrlSuffixCustomizations.qll 
@@ -0,0 +1,171 @@ +/** + * Provides a flow state for reasoning about URLs with a tainted query and fragment part, + * which we collectively refer to as the "suffix" of the URL. + */ + +import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate + +/** + * Provides a flow state for reasoning about URLs with a tainted query and fragment part, + * which we collectively refer to as the "suffix" of the URL. + */ +module TaintedUrlSuffix { + private import DataFlow + import CommonFlowState + + /** + * The flow label representing a URL with a tainted query and fragment part. + * + * Can also be accessed using `TaintedUrlSuffix::label()`. + */ + abstract deprecated class TaintedUrlSuffixLabel extends FlowLabel { + TaintedUrlSuffixLabel() { this = "tainted-url-suffix" } + } + + /** + * Gets the flow label representing a URL with a tainted query and fragment part. + */ + deprecated FlowLabel label() { result instanceof TaintedUrlSuffixLabel } + + /** Gets a remote flow source that is a tainted URL query or fragment part from `window.location`. */ + ClientSideRemoteFlowSource source() { + result = DOM::locationRef().getAPropertyRead(["search", "hash"]) + or + result = DOM::locationSource() + or + result.getKind().isUrl() + } + + /** + * DEPRECATED. Use `isStateBarrier(node, state)` instead. + * + * Holds if `node` should be a barrier for the given `label`. + * + * This should be used in the `isBarrier` predicate of a configuration that uses the tainted-url-suffix + * label. + */ + deprecated predicate isBarrier(Node node, FlowLabel label) { + isStateBarrier(node, FlowState::fromFlowLabel(label)) + } + + /** + * Holds if `node` should be blocked in `state`. + */ + predicate isStateBarrier(Node node, FlowState state) { + DataFlowPrivate::optionalBarrier(node, "split-url-suffix") and + state.isTaintedUrlSuffix() + } + + /** + * DEPRECATED. Use `isAdditionalFlowStep` instead. 
+ */ + deprecated predicate step(Node src, Node dst, FlowLabel srclbl, FlowLabel dstlbl) { + isAdditionalFlowStep(src, FlowState::fromFlowLabel(srclbl), dst, + FlowState::fromFlowLabel(dstlbl)) + } + + /** + * Holds if there is a flow step `node1 -> node2` involving the URL suffix flow state. + * + * This handles steps through string operations, promises, URL parsers, and URL accessors. + */ + predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { + // Transition from tainted-url-suffix to general taint when entering the second array element + // of a split('#') or split('?') array. + // + // x [tainted-url-suffix] --> x.split('#') [array element 1] [taint] + // + // Technically we should also preverse tainted-url-suffix when entering the first array element of such + // a split, but this mostly leads to FPs since we currently don't track if the taint has been through URI-decoding. + // (The query/fragment parts are often URI-decoded in practice, but not the other URL parts are not) + state1.isTaintedUrlSuffix() and + state2.isTaint() and + DataFlowPrivate::optionalStep(node1, "split-url-suffix-post", node2) + or + // Transition from URL suffix to full taint when extracting the query/fragment part. + state1.isTaintedUrlSuffix() and + state2.isTaint() and + ( + exists(MethodCallNode call, string name | + node1 = call.getReceiver() and + node2 = call and + name = call.getMethodName() + | + // Substring that is not a prefix + name = StringOps::substringMethodName() and + not call.getArgument(0).getIntValue() = 0 + or + // Replace '#' and '?' with nothing + name = "replace" and + call.getArgument(0).getStringValue() = ["#", "?"] and + call.getArgument(1).getStringValue() = "" + or + // The `get` call in `url.searchParams.get(x)` and `url.hashParams.get(x)` + // The step should be safe since nothing else reachable by this flow label supports a method named 'get'. 
+ name = "get" + or + // Methods on URL objects from the Closure library + name = "getDecodedQuery" + or + name = "getFragment" + or + name = "getParameterValue" + or + name = "getParameterValues" + or + name = "getQueryData" + ) + or + exists(PropRead read | + node1 = read.getBase() and + node2 = read and + // Unlike the `search` property, the `query` property from `url.parse` does not include the `?`. + read.getPropertyName() = "query" + ) + or + exists(MethodCallNode call, DataFlow::RegExpCreationNode re | + ( + call = re.getAMethodCall("exec") and + node1 = call.getArgument(0) and + node2 = call + or + call.getMethodName() = ["match", "matchAll"] and + re.flowsTo(call.getArgument(0)) and + node1 = call.getReceiver() and + node2 = call + ) + | + captureAfterSuffixIndicator(re.getRoot().getAChild*()) + or + // If the regexp is unknown, assume it will extract the URL suffix + not exists(re.getRoot()) + ) + ) + } + + /** Holds if the `n`th child of `seq` contains a character indicating that everything thereafter is part of the suffix */ + private predicate containsSuffixIndicator(RegExpSequence seq, int n) { + // Also include '=' as it usually only appears in the URL suffix + seq.getChild(n).getAChild*().(RegExpConstant).getValue().regexpMatch(".*[?#=].*") + } + + /** Holds if the `n`th child of `seq` contains a capture group. */ + private predicate containsCaptureGroup(RegExpSequence seq, int n) { + seq.getChild(n).getAChild*().(RegExpGroup).isCapture() + } + + /** + * Holds if `seq` contains a capture group that will likely match path of the URL suffix, + * thereby extracting tainted data. + * + * For example, `/#(.*)/.exec(url)` will extract the tainted URL suffix from `url`. + */ + private predicate captureAfterSuffixIndicator(RegExpSequence seq) { + exists(int suffix, int capture | + containsSuffixIndicator(seq, suffix) and + containsCaptureGroup(seq, capture) and + suffix < capture + ) + } +} 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll index d0e4d56f630..90fb4b4ffa5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll @@ -19,7 +19,23 @@ import BrokenCryptoAlgorithmCustomizations::BrokenCryptoAlgorithm * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking flow for sensitive information in broken or weak cryptographic algorithms. + */ +module BrokenCryptoAlgorithmFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BrokenCryptoAlgorithmFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BrokenCryptoAlgorithm" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakCustomizations.qll index b3033eb4cd2..70641af0286 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakCustomizations.qll 
@@ -14,9 +14,11 @@ module BuildArtifactLeak { */ abstract class Sink extends DataFlow::Node { /** + * DEPRECATED. This query no longer uses flow state. + * * Gets a data-flow label that leaks information for this sink. */ - DataFlow::FlowLabel getLabel() { result.isTaint() } + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll index db48ae25952..5ccaeea6ad6 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll 
@@ -14,7 +14,33 @@ import CleartextLoggingCustomizations::CleartextLogging as CleartextLogging /** * A taint tracking configuration for storage of sensitive information in build artifact. */ -class Configuration extends TaintTracking::Configuration { +module BuildArtifactLeakConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof CleartextLogging::Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CleartextLogging::Barrier } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + CleartextLogging::isAdditionalTaintStep(node1, node2) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // All properties of a leaked object are themselves leaked. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for storage of sensitive information in build artifact. + */ +module BuildArtifactLeakFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BuildArtifactLeakFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BuildArtifactLeak" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll index b302a025b2c..5dca4cf1df2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll 
@@ -16,14 +16,20 @@ module CleartextLogging { /** Gets a string that describes the type of this data flow source. */ abstract string describe(); - abstract DataFlow::FlowLabel getLabel(); + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** * A data flow sink for clear-text logging of sensitive information. */ abstract class Sink extends DataFlow::Node { - DataFlow::FlowLabel getLabel() { result.isTaint() } + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** @@ -106,29 +112,28 @@ module CleartextLogging { abstract private class NonCleartextPassword extends DataFlow::Node { } /** - * An object with a property that may contain password information - * - * This is a source since `console.log(obj)` will show the properties of `obj`. + * A value stored in a property that may contain password information */ private class ObjectPasswordPropertySource extends DataFlow::ValueNode, Source { string name; ObjectPasswordPropertySource() { exists(DataFlow::PropWrite write | + write.getPropertyName() = name and name.regexpMatch(maybePassword()) and not name.regexpMatch(notSensitiveRegexp()) and - write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and + this = write.getRhs() and // avoid safe values assigned to presumably unsafe names - not write.getRhs() instanceof NonCleartextPassword + not this instanceof NonCleartextPassword ) } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } - /** An access to a variable or property that might contain a password. */ + /** + * An access to a variable or property that might contain a password. + */ private class ReadPasswordSource extends DataFlow::ValueNode, Source { string name; 
@@ -150,8 +155,6 @@ module CleartextLogging { } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** A call that might return a password. */ @@ -164,8 +167,6 @@ module CleartextLogging { } override string describe() { result = "a call to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** An access to the sensitive object `process.env`. */ @@ -173,8 +174,28 @@ module CleartextLogging { ProcessEnvSource() { this = NodeJSLib::process().getAPropertyRead("env") } override string describe() { result = "process environment" } + } - override DataFlow::FlowLabel getLabel() { result.isTaint() } + /** Gets a data flow node referring to `process.env`. */ + private DataFlow::SourceNode processEnv(DataFlow::TypeTracker t) { + t.start() and + result instanceof ProcessEnvSource + or + exists(DataFlow::TypeTracker t2 | result = processEnv(t2).track(t2, t)) + } + + /** Gets a data flow node referring to `process.env`. */ + DataFlow::SourceNode processEnv() { result = processEnv(DataFlow::TypeTracker::end()) } + + /** + * A property access on `process.env`, seen as a barrier. + */ + private class SafeEnvironmentVariableBarrier extends Barrier instanceof DataFlow::PropRead { + SafeEnvironmentVariableBarrier() { + this = processEnv().getAPropertyRead() and + // If the name is known, it should not be sensitive + not nameIndicatesSensitiveData(this.getPropertyName(), _) + } } /** 
@@ -186,26 +207,10 @@ module CleartextLogging { succ.(DataFlow::PropRead).getBase() = pred } - private class PropReadAsBarrier extends Barrier { - PropReadAsBarrier() { - this = any(DataFlow::PropRead read).getBase() and - // the 'foo' in 'foo.bar()' may have flow, we only want to suppress plain property reads - not this = any(DataFlow::MethodCallNode call).getReceiver() and - // do not block custom taint steps from this node - not isAdditionalTaintStep(this, _) - } - } - /** * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information. */ predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // A taint propagating data flow edge through objects: a tainted write taints the entire object. - exists(DataFlow::PropWrite write | - write.getRhs() = src and - trg.(DataFlow::SourceNode).flowsTo(write.getBase()) - ) - or // A property-copy step, // dst[x] = src[x] // dst[x] = JSON.stringify(src[x]) @@ -221,7 +226,7 @@ module CleartextLogging { not exists(read.getPropertyName()) and not isFilteredPropertyName(read.getPropertyNameExpr().flow().getALocalSource()) and src = read.getBase() and - trg = write.getBase().getALocalSource() + trg = write.getBase().getPostUpdateNode() ) or // Taint through the arguments object. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll index fe0a1073e08..9bb2ffa0a6a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll 
@@ -20,7 +20,38 @@ private import CleartextLoggingCustomizations::CleartextLogging as CleartextLogg * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module CleartextLoggingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Barrier } + + predicate isBarrierIn(DataFlow::Node node) { + // We rely on heuristic sources, which tends to cause sources to overlap + isSource(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + CleartextLogging::isAdditionalTaintStep(node1, node2) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // Assume all properties of a logged object are themselves logged. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for clear-text logging of sensitive information. + */ +module CleartextLoggingFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CleartextLoggingFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CleartextLogging" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll index cb97badf0ec..d4ee8a8297d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll 
@@ -19,7 +19,20 @@ import CleartextStorageCustomizations::CleartextStorage * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module ClearTextStorageConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +module ClearTextStorageFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClearTextStorageFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClearTextStorage" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll index 8e5a46576f2..d26fe2d50e8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll 
@@ -14,7 +14,34 @@ import RequestForgeryCustomizations::RequestForgery /** * A taint tracking configuration for client-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideRequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Source src | + source = src and + not src.isServerSide() + ) + } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isAdditionalRequestForgeryStep(node1, node2) + } +} + +/** + * Taint tracking for client-side request forgery. + */ +module ClientSideRequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClientSideRequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideRequestForgery" } override predicate isSource(DataFlow::Node source) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll index e1d7f0a22c2..1b987ea2679 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll 
@@ -5,14 +5,20 @@ */ import javascript +private import semmle.javascript.security.TaintedUrlSuffixCustomizations module ClientSideUrlRedirect { + import semmle.javascript.security.CommonFlowState + /** * A data flow source for unvalidated URL redirect vulnerabilities. */ abstract class Source extends DataFlow::Node { - /** Gets a flow label to associate with this source. */ - DataFlow::FlowLabel getAFlowLabel() { result.isTaint() } + /** Gets a flow state to associate with this source. */ + FlowState getAFlowState() { result.isTaint() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -31,12 +37,12 @@ module ClientSideUrlRedirect { abstract class Sanitizer extends DataFlow::Node { } /** + * DEPRECATED. Replaced by functionality from the `TaintedUrlSuffix` library. + * * A flow label for values that represent the URL of the current document, and * hence are only partially user-controlled. */ - abstract class DocumentUrl extends DataFlow::FlowLabel { - DocumentUrl() { this = "document.url" } - } + deprecated class DocumentUrl = TaintedUrlSuffix::TaintedUrlSuffixLabel; /** * DEPRECATED: Use `ActiveThreatModelSource` from Concepts instead! 
@@ -49,18 +55,26 @@ module ClientSideUrlRedirect { private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource { ActiveThreatModelSourceAsSource() { not this.(ClientSideRemoteFlowSource).getKind().isPath() } - override DataFlow::FlowLabel getAFlowLabel() { - if this.(ClientSideRemoteFlowSource).getKind().isUrl() - then result instanceof DocumentUrl - else result.isTaint() + override FlowState getAFlowState() { + if this = TaintedUrlSuffix::source() then result.isTaintedUrlSuffix() else result.isTaint() } } + /** + * Holds if `node` extracts a part of a URL that does not contain the suffix. + */ + pragma[inline] + deprecated predicate isPrefixExtraction(DataFlow::MethodCallNode node) { + // Block flow through prefix-extraction `substring(0, ...)` and `split("#")[0]` + node.getMethodName() = [StringOps::substringMethodName(), "split"] and + not untrustedUrlSubstring(_, node) + } + /** * Holds if `substring` refers to a substring of `base` which is considered untrusted * when `base` is the current URL. */ - predicate untrustedUrlSubstring(DataFlow::Node base, DataFlow::Node substring) { + deprecated predicate untrustedUrlSubstring(DataFlow::Node base, DataFlow::Node substring) { exists(DataFlow::MethodCallNode mcn, string methodName | mcn = substring and mcn.calls(base, methodName) | diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll index 0e1ceb955dd..bc0e1354757 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll 
@@ -10,16 +10,61 @@ import javascript import UrlConcatenation import ClientSideUrlRedirectCustomizations::ClientSideUrlRedirect +import semmle.javascript.security.TaintedUrlSuffix // Materialize flow labels -private class ConcreteDocumentUrl extends DocumentUrl { +deprecated private class ConcreteDocumentUrl extends DocumentUrl { ConcreteDocumentUrl() { this = this } } /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideUrlRedirectConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof Sink and state.isTaint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = HostnameSanitizerGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintedUrlSuffix::isStateBarrier(node, state) + } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isBarrierOut(DataFlow::Node node, FlowState state) { isSink(node, state) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedUrlSuffix::isAdditionalFlowStep(node1, state1, node2, state2) + or + exists(HtmlSanitizerCall call | + node1 = call.getInput() and + node2 = call and + state1 = state2 + ) + } +} + +/** + * Taint-tracking flow for reasoning about unvalidated URL redirections. + */ +module ClientSideUrlRedirectFlow = TaintTracking::GlobalWithState; + +/** + * A taint-tracking configuration for reasoning about unvalidated URL redirections. 
+ */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideUrlRedirect" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { @@ -36,21 +81,23 @@ class Configuration extends TaintTracking::Configuration { override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel f, DataFlow::FlowLabel g + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - untrustedUrlSubstring(pred, succ) and - f instanceof DocumentUrl and - g.isTaint() + ClientSideUrlRedirectConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), + node2, FlowState::fromFlowLabel(state2)) or - // preserve document.url label in step from `location` to `location.href` - f instanceof DocumentUrl and - g instanceof DocumentUrl and - succ.(DataFlow::PropRead).accesses(pred, "href") - or - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call and - f = g + // Preserve document.url label in step from `location` to `location.href` or `location.toString()` + state1 instanceof DocumentUrl and + state2 instanceof DocumentUrl and + ( + node2.(DataFlow::PropRead).accesses(node1, "href") + or + exists(DataFlow::CallNode call | + call.getCalleeName() = "toString" and + node1 = call.getReceiver() and + node2 = call + ) ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll index ea57dd73588..811a9575504 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll 
@@ -13,7 +13,28 @@ import CodeInjectionCustomizations::CodeInjection /** * A taint-tracking configuration for reasoning about code injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module CodeInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // HTML sanitizers are insufficient protection against code injection + node1 = node2.(HtmlSanitizerCall).getInput() + } +} + +/** + * Taint-tracking for reasoning about code injection vulnerabilities. + */ +module CodeInjectionFlow = TaintTracking::Global; + +/** + * DEPRRECATED. Use the `CodeInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CodeInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -25,8 +46,7 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // HTML sanitizers are insufficient protection against code injection - src = trg.(HtmlSanitizerCall).getInput() + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + CodeInjectionConfig::isAdditionalFlowStep(node1, node2) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll index c8e11e04477..bb93c6320f1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll 
@@ -11,25 +11,41 @@ import javascript import CommandInjectionCustomizations::CommandInjection import IndirectCommandArgument +/** + * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ +predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) +} + /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module CommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module CommandInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CommandInjection" } - override predicate isSource(DataFlow::Node source) { source instanceof Source } + override predicate isSource(DataFlow::Node source) { CommandInjectionConfig::isSource(source) } - /** - * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and - * the alert should be placed at the node `highlight`. 
- */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } + override predicate isSink(DataFlow::Node sink) { CommandInjectionConfig::isSink(sink) } - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } + override predicate isSanitizer(DataFlow::Node node) { CommandInjectionConfig::isBarrier(node) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll index 0d1319800a8..8db7c27b5f7 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll 
@@ -13,7 +13,28 @@ import ConditionalBypassCustomizations::ConditionalBypass /** * A taint tracking configuration for bypass of sensitive action guards. */ -class Configuration extends TaintTracking::Configuration { +module ConditionalBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // comparing a tainted expression against a constant gives a tainted result + node2.asExpr().(Comparison).hasOperands(node1.asExpr(), any(ConstantExpr c)) + } +} + +/** + * Taint tracking flow for bypass of sensitive action guards. + */ +module ConditionalBypassFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ConditionalBypassFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ConditionalBypass" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -26,8 +47,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - // comparing a tainted expression against a constant gives a tainted result - dst.asExpr().(Comparison).hasOperands(src.asExpr(), any(ConstantExpr c)) + ConditionalBypassConfig::isAdditionalFlowStep(src, dst) } } 
@@ -72,7 +92,67 @@ class SensitiveActionGuardComparisonOperand extends Sink { * If flow from `source` taints `sink`, then an attacker can * control if `action` should be executed or not. */ -predicate isTaintedGuardForSensitiveAction( +predicate isTaintedGuardNodeForSensitiveAction( + ConditionalBypassFlow::PathNode sink, ConditionalBypassFlow::PathNode source, + SensitiveAction action +) { + action = sink.getNode().(Sink).getAction() and + // exclude the intermediary sink + not sink.getNode() instanceof SensitiveActionGuardComparisonOperand and + ( + // ordinary taint tracking to a guard + ConditionalBypassFlow::flowPath(source, sink) + or + // taint tracking to both operands of a guard comparison + exists( + SensitiveActionGuardComparison cmp, ConditionalBypassFlow::PathNode lSource, + ConditionalBypassFlow::PathNode rSource, ConditionalBypassFlow::PathNode lSink, + ConditionalBypassFlow::PathNode rSink + | + sink.getNode() = cmp.getGuard() and + ConditionalBypassFlow::flowPath(lSource, lSink) and + lSink.getNode() = DataFlow::valueNode(cmp.getLeftOperand()) and + ConditionalBypassFlow::flowPath(rSource, rSink) and + rSink.getNode() = DataFlow::valueNode(cmp.getRightOperand()) + | + source = lSource or + source = rSource + ) + ) +} + +/** + * Holds if `e` effectively guards access to `action` by returning or throwing early. + * + * Example: `if (e) return; action(x)`. + */ +predicate isEarlyAbortGuardNode(ConditionalBypassFlow::PathNode e, SensitiveAction action) { + exists(IfStmt guard | + // `e` is in the condition of an if-statement ... + e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and + // ... where the then-branch always throws or returns + exists(Stmt abort | + abort instanceof ThrowStmt or + abort instanceof ReturnStmt + | + abort.nestedIn(guard) and + abort.getBasicBlock().(ReachableBasicBlock).postDominates(guard.getThen().getBasicBlock()) + ) and + // ... 
and the else-branch does not exist + not exists(guard.getElse()) + | + // ... and `action` is outside the if-statement + not action.asExpr().getEnclosingStmt().nestedIn(guard) + ) +} + +/** + * Holds if `sink` guards `action`, and `source` taints `sink`. + * + * If flow from `source` taints `sink`, then an attacker can + * control if `action` should be executed or not. + */ +deprecated predicate isTaintedGuardForSensitiveAction( DataFlow::PathNode sink, DataFlow::PathNode source, SensitiveAction action ) { action = sink.getNode().(Sink).getAction() and @@ -104,7 +184,7 @@ predicate isTaintedGuardForSensitiveAction( * * Example: `if (e) return; action(x)`. */ -predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { +deprecated predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { exists(IfStmt guard | // `e` is in the condition of an if-statement ... e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll index 57cabe0ea79..0be461f5118 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll 
@@ -14,7 +14,26 @@ import CorsMisconfigurationForCredentialsCustomizations::CorsMisconfigurationFor /** * A data flow configuration for CORS misconfiguration for credentials transfer. */ -class Configuration extends TaintTracking::Configuration { +module CorsMisconfigurationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } +} + +/** + * Data flow for CORS misconfiguration for credentials transfer. + */ +module CorsMisconfigurationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CorsMisconfigurationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CorsMisconfigurationForCredentials" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll index 58d8d02808e..eaac474b207 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll 
@@ -11,21 +11,26 @@ private import semmle.javascript.security.TaintedObjectCustomizations * DoS attacks due to inefficient handling of user-controlled objects. */ module DeepObjectResourceExhaustion { + import semmle.javascript.security.CommonFlowState + /** * A data flow source for inefficient handling of user-controlled objects. */ abstract class Source extends DataFlow::Node { - /** Gets a flow label to associate with this source. */ - DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() } + /** Gets a flow state to associate with this source. */ + FlowState getAFlowState() { result.isTaintedObject() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source { - override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() } + override FlowState getAFlowState() { result.isTaintedObject() } } /** An active threat-model source, considered as a flow source. */ private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { - override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() } + override FlowState getAFlowState() { result.isTaint() } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll index 918ef0663c8..ca40447145c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll 
@@ -11,7 +11,41 @@ import DeepObjectResourceExhaustionCustomizations::DeepObjectResourceExhaustion * A taint tracking configuration for reasoning about DoS attacks due to inefficient handling * of user-controlled objects. */ -class Configuration extends TaintTracking::Configuration { +module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof Sink and state.isTaintedObject() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + } +} + +/** + * Taint tracking for reasoning about DoS attacks due to inefficient handling + * of user-controlled objects. + */ +module DeepObjectResourceExhaustionFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "DeepObjectResourceExhaustion" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll index 045a33e3211..266d0b9413f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll 
@@ -14,19 +14,20 @@ import DifferentKindsComparisonBypassCustomizations::DifferentKindsComparisonByp /** * A taint tracking configuration for comparisons that relies on different kinds of HTTP request data. */ -private class Configuration extends TaintTracking::Configuration { - Configuration() { this = "DifferentKindsComparisonBypass" } +private module DifferentKindsComparisonBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSource(DataFlow::Node source) { source instanceof Source } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * Taint tracking for comparisons that relies on different kinds of HTTP request data. + */ +private module DifferentKindsComparisonBypassFlow = + TaintTracking::Global; + /** * A comparison that relies on different kinds of HTTP request data. */ @@ -35,11 +36,9 @@ class DifferentKindsComparison extends Comparison { Source rSource; DifferentKindsComparison() { - exists(Configuration cfg | - cfg.hasFlow(lSource, DataFlow::valueNode(this.getLeftOperand())) and - cfg.hasFlow(rSource, DataFlow::valueNode(this.getRightOperand())) and - lSource.isSuspiciousToCompareWith(rSource) - ) + DifferentKindsComparisonBypassFlow::flow(lSource, DataFlow::valueNode(this.getLeftOperand())) and + DifferentKindsComparisonBypassFlow::flow(rSource, DataFlow::valueNode(this.getRightOperand())) and + lSource.isSuspiciousToCompareWith(rSource) } /** Gets the left operand source of this comparison. */ 
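Review bot: the QLDoc added for `DifferentKindsComparisonBypassFlow` copies the agreement error from the existing config comment: "comparisons that relies on different kinds of HTTP request data" should read "comparisons that rely on". Fix it in the new comment, and in the older one above the config if you are touching that line anyway.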
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index 72d9ae4e55a..b9f27c6a8c2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll @@ -8,6 +8,7 @@ private import semmle.javascript.dataflow.InferredTypes module DomBasedXss { private import Xss::Shared as Shared + import semmle.javascript.security.CommonFlowState /** A data flow source for DOM-based XSS vulnerabilities. */ abstract class Source extends Shared::Source { } 
@@ -18,6 +19,41 @@ module DomBasedXss { /** A sanitizer for DOM-based XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for any tainted value. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** * An expression whose value is interpreted as HTML * and may be inserted into the DOM through a library. 
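Review bot: the new `DomBasedXss::BarrierGuard` gives both `blocksExpr` overloads a `none()` default, and its QLDoc does not say which one a subclass is expected to override or how the state-less form relates to the `FlowState` form. A subclass that keeps overriding the deprecated `sanitizes` still compiles but contributes nothing to `blocksExpr`, because the delegation runs from `sanitizes` to `blocksExpr` only. Suggest a sentence in the class QLDoc stating that subclasses override `blocksExpr`, and that overrides of `sanitizes` are only picked up through `BarrierGuardLegacy`.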
@@ -293,6 +329,12 @@ module DomBasedXss { */ deprecated predicate isOptionallySanitizedEdge = isOptionallySanitizedEdgeInternal/2; + bindingset[call] + pragma[inline_late] + private SsaVariable getSanitizedSsaVariable(HtmlSanitizerCall call) { + call.getAnArgument().asExpr().(VarAccess).getVariable() = result.getSourceVariable() + } + private predicate isOptionallySanitizedEdgeInternal(DataFlow::Node pred, DataFlow::Node succ) { exists(HtmlSanitizerCall sanitizer | // sanitized = sanitize ? sanitizer(source) : source; @@ -312,7 +354,7 @@ module DomBasedXss { count(phi.getAnInput()) = 2 and not a = b and sanitizer = DataFlow::valueNode(a.getDef().getSource()) and - sanitizer.getAnArgument().asExpr().(VarAccess).getVariable() = b.getSourceVariable() + getSanitizedSsaVariable(sanitizer) = b | pred = DataFlow::ssaDefinitionNode(b) and succ = DataFlow::ssaDefinitionNode(phi) 
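Review bot: `getSanitizedSsaVariable` is introduced with `bindingset[call]` and `pragma[inline_late]` but no comment explaining why the inline expression at the call site had to be pulled out. The body is the same expression the call site used before, so the change is only about evaluation order; a one-line comment naming the join it is meant to steer would stop a later cleanup from inlining it again.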
@@ -344,21 +386,20 @@ module DomBasedXss { /** * A flow-label representing tainted values where the prefix is attacker controlled. */ - abstract class PrefixString extends DataFlow::FlowLabel { + abstract deprecated class PrefixString extends DataFlow::FlowLabel { PrefixString() { this = "PrefixString" } } /** Gets the flow-label representing tainted values where the prefix is attacker controlled. */ - PrefixString prefixLabel() { any() } + deprecated PrefixString prefixLabel() { any() } /** * A sanitizer that blocks the `PrefixString` label when the start of the string is being tested as being of a particular prefix. */ - abstract class PrefixStringSanitizer extends TaintTracking::LabeledSanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + abstract class PrefixStringSanitizer extends BarrierGuard instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = super.getBaseString().asExpr() and - label = prefixLabel() and + state.isTaintedPrefix() and outcome = super.getPolarity() } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index 42ea977e26c..f27f61822a8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll 
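Review bot: in `DomBasedXssCustomizations.qll`, the QLDoc on `PrefixStringSanitizer` still describes it as blocking "the `PrefixString` label", but this hunk deprecates `PrefixString` and `prefixLabel()` and the override now tests `state.isTaintedPrefix()`. Reword the comment to refer to the tainted-prefix flow state. Since the class stays public while its supertype changes from `TaintTracking::LabeledSanitizerGuardNode` to `BarrierGuard`, a change note for library users would also help.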
@@ -20,121 +20,152 @@ class HtmlSink extends DataFlow::Node instanceof Sink { } /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about XSS by DOM manipulation. + * * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks. * - HTML sinks are sinks for any tainted value * - URL sinks are only sinks when the scheme is user controlled * - JQuery selector sinks are sinks when the tainted value can start with `<`. * - * The above is achieved using three flow labels: + * The above is achieved using three flow states: * - TaintedUrlSuffix: a URL where the attacker only controls a suffix. * - Taint: a tainted value where the attacker controls part of the value. * - PrefixLabel: a tainted value where the attacker controls the prefix */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HtmlInjection" } +module DomBasedXssConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, FlowState state) { source instanceof Source and - (label.isTaint() or label = prefixLabel()) and + (state.isTaint() or state.isTaintedPrefix()) and not source = TaintedUrlSuffix::source() or source = TaintedUrlSuffix::source() and - label = TaintedUrlSuffix::label() + state.isTaintedUrlSuffix() } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, FlowState state) { sink instanceof HtmlSink and - label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()] + (state.isTaint() or state.isTaintedPrefix() or state.isTaintedUrlSuffix()) or sink instanceof JQueryHtmlOrSelectorSink and - label = [DataFlow::FlowLabel::taint(), prefixLabel()] + (state.isTaint() or state.isTaintedPrefix()) or sink instanceof WriteUrlSink and - label = prefixLabel() + 
state.isTaintedPrefix() } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer + or + node = Shared::BarrierGuard::getABarrierNode() + or + isOptionallySanitizedNode(node) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PrefixStringSanitizerActivated or - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - super.isLabeledBarrier(node, lbl) + predicate isBarrier(DataFlow::Node node, FlowState state) { + // copy all taint barrier guards to the TaintedUrlSuffix/PrefixLabel state + TaintTracking::defaultSanitizer(node) and + (state.isTaintedUrlSuffix() or state.isTaintedPrefix()) or - // copy all taint barriers to the TaintedUrlSuffix/PrefixLabel label. This copies both the ordinary sanitizers and the sanitizer-guards. - super.isLabeledBarrier(node, DataFlow::FlowLabel::taint()) and - lbl = [TaintedUrlSuffix::label(), prefixLabel()] - or - // any non-first string-concatenation leaf is a barrier for the prefix label. + // any non-first string-concatenation leaf is a barrier for the prefix state. exists(StringOps::ConcatenationRoot root | node = root.getALeaf() and not node = root.getFirstLeaf() and - lbl = prefixLabel() + state.isTaintedPrefix() ) or - // we assume that `.join()` calls have a prefix, and thus block the prefix label. + // we assume that `.join()` calls have a prefix, and thus block the prefix state. 
node = any(DataFlow::MethodCallNode call | call.getMethodName() = "join") and - lbl = prefixLabel() + state.isTaintedPrefix() or - isOptionallySanitizedNode(node) and - lbl = [DataFlow::FlowLabel::taint(), prefixLabel(), TaintedUrlSuffix::label()] + TaintedUrlSuffix::isStateBarrier(node, TaintedUrlSuffix::FlowState::taintedUrlSuffix()) and + state.isTaintedUrlSuffix() + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isBarrierIn(DataFlow::Node node, FlowState state) { isSource(node, state) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - TaintedUrlSuffix::step(src, trg, inlbl, outlbl) + TaintedUrlSuffix::isAdditionalFlowStep(node1, state1, node2, state2) or exists(DataFlow::Node operator | - StringConcatenation::taintStep(src, trg, operator, _) and + StringConcatenation::taintStep(node1, node2, operator, _) and StringConcatenation::getOperand(operator, 0).getStringValue() = "<" + any(string s) and - inlbl = TaintedUrlSuffix::label() and - outlbl.isTaint() + state1.isTaintedUrlSuffix() and + state2.isTaint() ) or - // inherit all ordinary taint steps for prefixLabel - inlbl = prefixLabel() and - outlbl = prefixLabel() and - TaintTracking::sharedTaintStep(src, trg) - or - // steps out of taintedSuffixlabel to taint-label are also a steps to prefixLabel. - TaintedUrlSuffix::step(src, trg, TaintedUrlSuffix::label(), DataFlow::FlowLabel::taint()) and - inlbl = TaintedUrlSuffix::label() and - outlbl = prefixLabel() + // steps out of tainted-url-suffix to taint are also steps to tainted-prefix. 
+ TaintedUrlSuffix::isAdditionalFlowStep(node1, FlowState::taintedUrlSuffix(), node2, + FlowState::taint()) and + state1.isTaintedUrlSuffix() and + state2.isTaintedPrefix() or exists(DataFlow::FunctionNode callback, DataFlow::Node arg | any(JQuery::MethodCall c).interpretsArgumentAsHtml(arg) and callback = arg.getABoundFunctionValue(_) and - src = callback.getReturnNode() and - trg = callback and - inlbl = outlbl + node1 = callback.getReturnNode() and + node2 = callback and + state1 = state2 ) } } -private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGuardNode, - PrefixStringSanitizer -{ +/** + * Taint-tracking for reasoning about XSS by DOM manipulation. + */ +module DomBasedXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `DomBasedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "HtmlInjection" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSource(source, FlowState::fromFlowLabel(label)) + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSink(sink, FlowState::fromFlowLabel(label)) + } + + override predicate isSanitizer(DataFlow::Node node) { DomBasedXssConfig::isBarrier(node) } + + override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + DomBasedXssConfig::isBarrier(node, FlowState::fromFlowLabel(lbl)) + } + + override predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 + ) { + DomBasedXssConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2, + FlowState::fromFlowLabel(state2)) + or + // inherit all ordinary taint steps for the prefix label + state1 = prefixLabel() and + state2 = prefixLabel() and + TaintTracking::sharedTaintStep(node1, node2) + } +} + +private class 
PrefixStringSanitizerActivated extends PrefixStringSanitizer { PrefixStringSanitizerActivated() { this = this } } -private class PrefixStringActivated extends DataFlow::FlowLabel, PrefixString { +deprecated private class PrefixStringActivated extends DataFlow::FlowLabel, PrefixString { PrefixStringActivated() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll index 20a710a9da6..70281110a5f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssCustomizations.qll 
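Review bot: in `DomBasedXssConfig` (`DomBasedXssQuery.qll`), `predicate isBarrierIn(DataFlow::Node node, FlowState state) { isSource(node, state) }` has no counterpart in the old `Configuration` and carries no comment. It blocks flow into a source node for the states that node is a source of, and the deprecated `Configuration` kept for compatibility does not reproduce it, so the two can now report different paths; please say why the barrier is wanted. Separately, the header comment was reworded to "three flow states" but its list and the first `isBarrier` comment still say `PrefixLabel`, while the code uses `isTaintedPrefix()`.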
@@ -14,15 +14,51 @@ import javascript module ExceptionXss { private import Xss::Shared as Shared + private newtype TFlowState = + TThrown() or + TNotYetThrown() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TThrown() and result = "thrown" + or + this = TNotYetThrown() and result = "not-yet-thrown" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TThrown() and result.isTaint() + or + this = TNotYetThrown() and result instanceof NotYetThrown + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** A tainted value originating from a thrown and caught exception. */ + FlowState thrown() { result = TThrown() } + + /** A value that has not yet been thrown. */ + FlowState notYetThrown() { result = TNotYetThrown() } + } + /** A data flow source for XSS caused by interpreting exception or error text as HTML. */ abstract class Source extends DataFlow::Node { /** - * Gets a flow label to associate with this source. + * Gets a flow state to associate with this source. * * For sources that should pass through a `throw/catch` before reaching the sink, use the - * `NotYetThrown` labe. Otherwise use `taint` (the default). + * `FlowState::notYetThrown()` state. Otherwise use `FlowState::thrown()` (the default). */ - DataFlow::FlowLabel getAFlowLabel() { result.isTaint() } + FlowState getAFlowState() { result = FlowState::thrown() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } /** * Gets a human-readable description of what type of error this refers to. 
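Review bot: in `ExceptionXss::FlowState`, `toFlowLabel()` maps `TNotYetThrown()` to `result instanceof NotYetThrown`, but `NotYetThrown` is an abstract class whose only concrete subclass visible in this patch is the private `ConcreteNotYetThrown` in `ExceptionXssQuery.qll`. With only the customizations file imported, `toFlowLabel()` and `FlowState::fromFlowLabel` have no result for the not-yet-thrown state; either note that in the QLDoc or materialize the label next to its declaration. Minor: the `toString()` QLDoc reads "representation fo this flow state".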
@@ -33,17 +69,19 @@ module ExceptionXss { } /** + * DEPRECATED. Use `FlowState` instead. + * * A FlowLabel representing tainted data that has not been thrown in an exception. * In the js/xss-through-exception query data-flow can only reach a sink after * the data has been thrown as an exception, and data that has not been thrown * as an exception therefore has this flow label, and only this flow label, associated with it. */ - abstract class NotYetThrown extends DataFlow::FlowLabel { + abstract deprecated class NotYetThrown extends DataFlow::FlowLabel { NotYetThrown() { this = "NotYetThrown" } } private class XssSourceAsSource extends Source instanceof Shared::Source { - override DataFlow::FlowLabel getAFlowLabel() { result instanceof NotYetThrown } + override FlowState getAFlowState() { result instanceof TNotYetThrown } override string getDescription() { result = "Exception text" } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll index a8418898e1b..009367f4f87 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll @@ -8,6 +8,7 @@ import javascript import DomBasedXssCustomizations::DomBasedXss as DomBasedXssCustom import ReflectedXssCustomizations::ReflectedXss as ReflectedXssCustom import ExceptionXssCustomizations::ExceptionXss +private import ExceptionXssCustomizations::ExceptionXss as ExceptionXss private import semmle.javascript.dataflow.InferredTypes import Xss::Shared as XssShared @@ -71,7 +72,7 @@ predicate canThrowSensitiveInformation(DataFlow::Node node) { } // Materialize flow labels -private class ConcreteNotYetThrown extends NotYetThrown { +deprecated private class ConcreteNotYetThrown extends NotYetThrown { ConcreteNotYetThrown() { this = this } } 
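Review bot: `XssSourceAsSource` in `ExceptionXssCustomizations.qll` now selects its state with `result instanceof TNotYetThrown`, reaching into the private newtype branch, while the `Source` QLDoc in the same file tells implementers to use `FlowState::notYetThrown()`. Prefer `override FlowState getAFlowState() { result = FlowState::notYetThrown() }` so the built-in source follows the documented form and does not depend on the newtype's branch names.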
@@ -126,10 +127,45 @@ private DataFlow::Node getExceptionTarget(DataFlow::Node pred) { /** * A taint-tracking configuration for reasoning about XSS with possible exceptional flow. - * Flow labels are used to ensure that we only report taint-flow that has been thrown in + * Flow states are used to ensure that we only report taint-flow that has been thrown in * an exception. */ -class Configuration extends TaintTracking::Configuration { +module ExceptionXssConfig implements DataFlow::StateConfigSig { + class FlowState = ExceptionXss::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof XssShared::Sink and not state = FlowState::notYetThrown() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof XssShared::Sanitizer or node = XssShared::BarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + state1 = FlowState::notYetThrown() and + state2 = [FlowState::thrown(), FlowState::notYetThrown()] and + canThrowSensitiveInformation(node1) and + node2 = getExceptionTarget(node1) + } + + int accessPathLimit() { result = 1 } +} + +/** + * Taint-tracking for reasoning about XSS with possible exceptional flow. + */ +module ExceptionXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `ExceptionXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ExceptionXss" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
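Review bot: `int accessPathLimit() { result = 1 }` in `ExceptionXssConfig` has no comment, and none of the other configs converted in this patch set it. Please document why this query caps the access path length at 1 (performance or precision), since it bounds how deeply values stored in properties are tracked and a reader cannot tell from the hunk whether the old `Configuration` behaved the same way.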
@@ -145,12 +181,11 @@ class Configuration extends TaintTracking::Configuration { override predicate isAdditionalFlowStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl ) { - inlbl instanceof NotYetThrown and - (outlbl.isTaint() or outlbl instanceof NotYetThrown) and - canThrowSensitiveInformation(pred) and - succ = getExceptionTarget(pred) + ExceptionXssConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl), succ, + FlowState::fromFlowLabel(outlbl)) or // All the usual taint-flow steps apply on data-flow before it has been thrown in an exception. + // Note: this step is not needed in StateConfigSig module since flow states inherit taint steps. this.isAdditionalFlowStep(pred, succ) and inlbl instanceof NotYetThrown and outlbl instanceof NotYetThrown diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll index fac7b95fe80..72fdafaad50 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll @@ -252,7 +252,6 @@ module ExternalApiUsedWithUntrustedData { | TaintTracking::sharedTaintStep(arg, _) or DataFlow::SharedFlowStep::step(arg, _) or - DataFlow::SharedFlowStep::step(arg, _, _, _) or DataFlow::SharedFlowStep::loadStep(arg, _, _) or DataFlow::SharedFlowStep::storeStep(arg, _, _) or DataFlow::SharedFlowStep::loadStoreStep(arg, _, _) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index b6d8c7fa088..2af00bdac2a 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll 
@@ -10,15 +10,49 @@ import javascript import ExternalAPIUsedWithUntrustedDataCustomizations::ExternalApiUsedWithUntrustedData -/** Flow label for objects from which a tainted value is reachable. */ -private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { +/** + * A taint tracking configuration for untrusted data flowing to an external API. + */ +module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierIn(DataFlow::Node node) { + // Block flow from the location to its properties, as the relevant properties (hash and search) are taint sources of their own. + // The location source is only used for propagating through API calls like `new URL(location)` and into external APIs where + // the whole location object escapes. + node = DOM::locationRef().getAPropertyRead() + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // Also report values that escape while inside a property + isSink(node) and contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * Taint tracking for untrusted data flowing to an external API. + */ +module ExternalAPIUsedWithUntrustedDataFlow = + TaintTracking::Global; + +/** + * Flow label for objects from which a tainted value is reachable. + * + * Only used by the legacy data-flow configuration, as the new data flow configuration + * uses `allowImplicitRead` to achieve this instead. + */ +deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { ObjectWrapperFlowLabel() { this = "object-wrapper" } } /** - * A taint tracking configuration for untrusted data flowing to an external API. + * DEPRECATED. Use the `ExternalAPIUsedWithUntrustedDataFlow` module instead. 
*/ -class Configuration extends TaintTracking::Configuration { +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ExternalAPIUsedWithUntrustedData" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -59,10 +93,10 @@ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { any(Configuration c).hasFlow(_, this) } + UntrustedExternalApiDataNode() { ExternalAPIUsedWithUntrustedDataFlow::flow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ - DataFlow::Node getAnUntrustedSource() { any(Configuration c).hasFlow(result, this) } + DataFlow::Node getAnUntrustedSource() { ExternalAPIUsedWithUntrustedDataFlow::flow(result, this) } } /** @@ -72,7 +106,7 @@ private newtype TExternalApi = /** An external API sink with `name`. */ MkExternalApiNode(string name) { exists(Sink sink | - any(Configuration c).hasFlow(_, sink) and + ExternalAPIUsedWithUntrustedDataFlow::flow(_, sink) and name = sink.getApiName() ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 9ce03476755..6b713af340a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll 
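Review bot: the new modules are spelled `ExternalAPIUsedWithUntrustedDataConfig` and `ExternalAPIUsedWithUntrustedDataFlow`, while the other declarations in this file use `Api` (`ExternalApiUsedWithUntrustedData`, `ExternalApiDataNode`, `UntrustedExternalApiDataNode`, `TExternalApi`). These names are new public API, so this is the cheapest moment to rename them to `ExternalApi...` and keep the file consistent.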
@@ -13,7 +13,28 @@ import FileAccessToHttpCustomizations::FileAccessToHttp /** * A taint tracking configuration for file data in outbound network requests. */ -class Configuration extends TaintTracking::Configuration { +module FileAccessToHttpConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + isSink(node) and + contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * Taint tracking for file data in outbound network requests. + */ +module FileAccessToHttpFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `FileAccessToHttpFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "FileAccessToHttp" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll index 23cfb8a45a4..a14a4ad5e22 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll 
@@ -12,66 +12,88 @@ import HardcodedCredentialsCustomizations::HardcodedCredentials /** * A data flow tracking configuration for hardcoded credentials. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "HardcodedCredentials" } +module HardcodedCredentialsConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof Source } - override predicate isSource(DataFlow::Node source) { source instanceof Source } + predicate isSink(DataFlow::Node node) { node instanceof Sink } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { - exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput()) + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(Base64::Encode encode | node1 = encode.getInput() and node2 = encode.getOutput()) or - trg.(StringOps::ConcatenationRoot).getALeaf() = src and - not exists(src.(StringOps::ConcatenationLeaf).getStringValue()) // to avoid e.g. the ":" in `user + ":" + pass` being flagged as a constant credential. + node2.(StringOps::ConcatenationRoot).getALeaf() = node1 and + not exists(node1.(StringOps::ConcatenationLeaf).getStringValue()) // to avoid e.g. the ":" in `user + ":" + pass` being flagged as a constant credential. 
or exists(DataFlow::MethodCallNode bufferFrom | bufferFrom = DataFlow::globalVarRef("Buffer").getAMethodCall("from") and - trg = bufferFrom and - src = bufferFrom.getArgument(0) + node2 = bufferFrom and + node1 = bufferFrom.getArgument(0) ) or exists(API::Node n | n = API::moduleImport("jose").getMember(["importSPKI", "importPKCS8", "importX509"]) | - src = n.getACall().getArgument(0) and - trg = n.getReturn().getPromised().asSource() + node1 = n.getACall().getArgument(0) and + node2 = n.getReturn().getPromised().asSource() ) or exists(API::Node n | n = API::moduleImport("jose").getMember(["importSPKI", "importPKCS8", "importX509"]) | - src = n.getACall().getArgument(0) and - trg = n.getReturn().getPromised().asSource() + node1 = n.getACall().getArgument(0) and + node2 = n.getReturn().getPromised().asSource() ) or exists(API::Node n | n = API::moduleImport("jose").getMember("importJWK") | - src = n.getParameter(0).getMember(["x", "y", "n"]).asSink() and - trg = n.getReturn().getPromised().asSource() + node1 = n.getParameter(0).getMember(["x", "y", "n"]).asSink() and + node2 = n.getReturn().getPromised().asSource() ) or exists(DataFlow::CallNode n | n = DataFlow::globalVarRef("TextEncoder").getAnInstantiation().getAMemberCall("encode") | - src = n.getArgument(0) and - trg = n + node1 = n.getArgument(0) and + node2 = n ) or exists(DataFlow::CallNode n | n = DataFlow::globalVarRef("Buffer").getAMemberCall("from") | - src = n.getArgument(0) and - trg = [n, n.getAChainedMethodCall(["toString", "toJSON"])] + node1 = n.getArgument(0) and + node2 = [n, n.getAChainedMethodCall(["toString", "toJSON"])] ) or exists(API::Node n | n = API::moduleImport("jose").getMember("base64url").getMember(["decode", "encode"]) | - src = n.getACall().getArgument(0) and - trg = n.getACall() + node1 = n.getACall().getArgument(0) and + node2 = n.getACall() ) } } + +/** + * Data flow for reasoning about hardcoded credentials. 
+ */ +module HardcodedCredentials = DataFlow::Global; + +/** + * DEPRECATED. Use the `HardcodedCredentials` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "HardcodedCredentials" } + + override predicate isSource(DataFlow::Node source) { + HardcodedCredentialsConfig::isSource(source) + } + + override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) } + + override predicate isBarrier(DataFlow::Node node) { + super.isBarrier(node) or + HardcodedCredentialsConfig::isBarrier(node) + } + + override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg) + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll index 14d2c8fc148..9ec6f2d5b4a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeCustomizations.qll 
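Review bot: in `HardcodedCredentialsQuery.qll` the flow module is declared as `module HardcodedCredentials`, which reuses the name of the customizations module imported at the top of the file and drops the `Flow` suffix that the other modules in this patch carry (`FileAccessToHttpFlow`, `DomBasedXssFlow`, `ExceptionXssFlow`). `HardcodedCredentialsFlow` would be consistent and unambiguous. While `isAdditionalFlowStep` is being rewritten, note that the `jose` disjunct for `["importSPKI", "importPKCS8", "importX509"]` appears twice with identical bodies; one copy can go.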
@@ -8,20 +8,59 @@ import javascript private import semmle.javascript.security.dataflow.CodeInjectionCustomizations module HardcodedDataInterpretedAsCode { + private newtype TFlowState = + TUnmodified() or + TModified() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TUnmodified() and result = "unmodified" + or + this = TModified() and result = "modified" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TUnmodified() and result.isData() + or + this = TModified() and result.isTaint() + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** An unmodified value originating from a string constant. */ + FlowState unmodified() { result = TUnmodified() } + + /** A value which has undergone some transformation, such as hex decoding. */ + FlowState modified() { result = TModified() } + } + /** * A data flow source for hard-coded data. */ abstract class Source extends DataFlow::Node { - /** Gets a flow label for which this is a source. */ - DataFlow::FlowLabel getLabel() { result.isData() } + /** Gets a flow state for which this is a source. */ + FlowState getAFlowState() { result = FlowState::unmodified() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getLabel() { result = this.getAFlowState().toFlowLabel() } } /** * A data flow sink for code injection. */ abstract class Sink extends DataFlow::Node { - /** Gets a flow label for which this is a sink. */ - abstract DataFlow::FlowLabel getLabel(); + /** Gets a flow state for which this is a sink. */ + FlowState getAFlowState() { result = FlowState::modified() } + + /** DEPRECATED. Use `getAFlowState()` instead. 
*/ + deprecated DataFlow::FlowLabel getLabel() { result = this.getAFlowState().toFlowLabel() } /** Gets a description of what kind of sink this is. */ abstract string getKind(); @@ -50,7 +89,7 @@ module HardcodedDataInterpretedAsCode { * A code injection sink; hard-coded data should not flow here. */ private class DefaultCodeInjectionSink extends Sink instanceof CodeInjection::Sink { - override DataFlow::FlowLabel getLabel() { result.isTaint() } + override FlowState getAFlowState() { result = FlowState::modified() } override string getKind() { result = "Code" } } @@ -61,7 +100,7 @@ module HardcodedDataInterpretedAsCode { private class RequireArgumentSink extends Sink { RequireArgumentSink() { this = any(Require r).getAnArgument().flow() } - override DataFlow::FlowLabel getLabel() { result.isDataOrTaint() } + override FlowState getAFlowState() { result = [FlowState::modified(), FlowState::unmodified()] } override string getKind() { result = "An import path" } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll index 7318681a882..550797e1757 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll 
@@ -10,12 +10,42 @@ import javascript import HardcodedDataInterpretedAsCodeCustomizations::HardcodedDataInterpretedAsCode +private import HardcodedDataInterpretedAsCodeCustomizations::HardcodedDataInterpretedAsCode as HardcodedDataInterpretedAsCode /** * A taint-tracking configuration for reasoning about hard-coded data * being interpreted as code */ -class Configuration extends TaintTracking::Configuration { +module HardcodedDataInterpretedAsCodeConfig implements DataFlow::StateConfigSig { + class FlowState = HardcodedDataInterpretedAsCode::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node nd, FlowState state) { nd.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintTracking::defaultTaintStep(node1, node2) and + state1 = [FlowState::modified(), FlowState::unmodified()] and + state2 = FlowState::modified() + } +} + +/** + * Taint-tracking for reasoning about hard-coded data being interpreted as code + */ +module HardcodedDataInterpretedAsCodeFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `HardcodedDataInterpretedAsCodeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HardcodedDataInterpretedAsCode" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll index f87938dfb71..acc2eacec07 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll @@ -6,19 +6,31 @@ import javascript /** - * A taint tracking configuration for host header poisoning in email generation. + * A taint tracking configuration for host header poisoning. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "TaintedHostHeader" } - - override predicate isSource(DataFlow::Node node) { +module HostHeaderPoisoningConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { exists(Http::RequestHeaderAccess input | node = input | input.getKind() = "header" and input.getAHeaderName() = "host" ) } - override predicate isSink(DataFlow::Node node) { - exists(EmailSender email | node = email.getABody()) - } + predicate isSink(DataFlow::Node node) { exists(EmailSender email | node = email.getABody()) } +} + +/** + * Taint tracking configuration host header poisoning. + */ +module HostHeaderPoisoningFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "TaintedHostHeader" } + + override predicate isSource(DataFlow::Node node) { HostHeaderPoisoningConfig::isSource(node) } + + override predicate isSink(DataFlow::Node node) { HostHeaderPoisoningConfig::isSink(node) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll index 992b0cd1e8d..9b3d7635c87 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll 
@@ -11,7 +11,23 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess /** * A taint tracking configuration for writing user-controlled data to files. */ -class Configuration extends TaintTracking::Configuration { +module HttpToFileAccessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for writing user-controlled data to files. + */ +module HttpToFileAccessFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HttpToFileAccessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HttpToFileAccess" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll index fd68b3a7077..aad78a027d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll 
@@ -13,7 +13,23 @@ import ImproperCodeSanitizationCustomizations::ImproperCodeSanitization /** * A taint-tracking configuration for reasoning about improper code sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ImproperCodeSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about improper code sanitization vulnerabilities. + */ +module ImproperCodeSanitizationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ImproperCodeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ImproperCodeSanitization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll index 37bc2ae0bb7..f421a92298f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll 
@@ -8,6 +8,20 @@ import javascript import semmle.javascript.security.IncompleteBlacklistSanitizer module IncompleteHtmlAttributeSanitization { + private newtype TFlowState = TCharacter(string c) { c = ["\"", "'", "&"] } + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation of this flow state. */ + string toString() { this = TCharacter(result) } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `c`. */ + FlowState character(string c) { result = TCharacter(c) } + } + /** * A data flow source for incomplete HTML sanitization vulnerabilities. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll index 730fa6a0e80..c0401592125 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll @@ -9,8 +9,9 @@ import javascript import IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization +private import IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtmlAttributeSanitization -private module Label { +deprecated private module Label { class Quote extends DataFlow::FlowLabel { Quote() { this = ["\"", "'"] } } 
@@ -25,7 +26,34 @@ private module Label { /** * A taint-tracking configuration for reasoning about incomplete HTML sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IncompleteHtmlAttributeSanitizationConfig implements DataFlow::StateConfigSig { + class FlowState = IncompleteHtmlAttributeSanitization::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + state = FlowState::character(source.(Source).getAnUnsanitizedCharacter()) + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + state = FlowState::character(sink.(Sink).getADangerousCharacter()) + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + state = FlowState::character(node.(StringReplaceCall).getAReplacedString()) + } + + predicate isBarrier(DataFlow::Node n) { n instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about incomplete HTML sanitization vulnerabilities. + */ +module IncompleteHtmlAttributeSanitizationFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `IncompleteHtmlAttributeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IncompleteHtmlAttributeSanitization" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll index b3e59aec7bd..a0bb45e78ec 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll 
@@ -10,7 +10,33 @@ private import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IndirectCommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** + * Holds if `sink` is a data-flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module IndirectCommandInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `IndirectCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IndirectCommandInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll index dc383df448c..c7acce602b7 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll 
@@ -10,14 +10,54 @@ import javascript * Classes and predicates for reasoning about download of sensitive file through insecure connection vulnerabilities. */ module InsecureDownload { + private newtype TFlowState = + TSensitiveInsecureUrl() or + TInsecureUrl() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TSensitiveInsecureUrl() and result = "sensitive-insecure-url" + or + this = TInsecureUrl() and result = "insecure-url" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TSensitiveInsecureUrl() and result instanceof Label::SensitiveInsecureUrl + or + this = TInsecureUrl() and result instanceof Label::InsecureUrl + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** + * A file URL that is both sensitive and downloaded over an insecure connection. + */ + FlowState sensitiveInsecureUrl() { result = TSensitiveInsecureUrl() } + + /** + * A URL that is downloaded over an insecure connection. + */ + FlowState insecureUrl() { result = TInsecureUrl() } + } + /** * A data flow source for download of sensitive file through insecure connection. */ abstract class Source extends DataFlow::Node { /** - * Gets a flow-label for this source. + * Gets a flow state for this source. */ - abstract DataFlow::FlowLabel getALabel(); + FlowState getAFlowState() { result = FlowState::insecureUrl() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getALabel() { result = this.getAFlowState().toFlowLabel() } } /** 
@@ -30,9 +70,14 @@ module InsecureDownload { abstract DataFlow::Node getDownloadCall(); /** - * Gets a flow-label where this sink is vulnerable. + * Gets a flow state where this sink is vulnerable. */ - abstract DataFlow::FlowLabel getALabel(); + FlowState getAFlowState() { + result = [FlowState::insecureUrl(), FlowState::sensitiveInsecureUrl()] + } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getALabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -43,7 +88,7 @@ module InsecureDownload { /** * Flow-labels for reasoning about download of sensitive file through insecure connection. */ - module Label { + deprecated module Label { /** * A flow-label for file URLs that are both sensitive and downloaded over an insecure connection. */ @@ -71,11 +116,11 @@ module InsecureDownload { str.regexpMatch("http://.*|ftp://.*") } - override DataFlow::FlowLabel getALabel() { - result instanceof Label::InsecureUrl + override FlowState getAFlowState() { + result = FlowState::insecureUrl() or hasUnsafeExtension(str) and - result instanceof Label::SensitiveInsecureUrl + result = FlowState::sensitiveInsecureUrl() } } @@ -113,11 +158,11 @@ module InsecureDownload { override DataFlow::Node getDownloadCall() { result = request } - override DataFlow::FlowLabel getALabel() { - result instanceof Label::SensitiveInsecureUrl + override FlowState getAFlowState() { + result = FlowState::sensitiveInsecureUrl() or hasUnsafeExtension(request.getASavePath().getStringValue()) and - result instanceof Label::InsecureUrl + result = FlowState::insecureUrl() } } @@ -145,7 +190,7 @@ module InsecureDownload { ) } - override DataFlow::FlowLabel getALabel() { result instanceof Label::InsecureUrl } + override FlowState getAFlowState() { result = FlowState::insecureUrl() } override DataFlow::Node getDownloadCall() { result = request } } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll index 8b7eb42dd25..6a633ec324e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll @@ -8,23 +8,44 @@ import javascript import InsecureDownloadCustomizations::InsecureDownload +private import InsecureDownloadCustomizations::InsecureDownload as InsecureDownload /** * A taint tracking configuration for download of sensitive file through insecure connection. */ -class Configuration extends DataFlow::Configuration { +module InsecureDownloadConfig implements DataFlow::StateConfigSig { + class FlowState = InsecureDownload::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { sink.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for download of sensitive file through insecure connection. + */ +module InsecureDownloadFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `InsecureDownload` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "InsecureDownload" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getALabel() = label + InsecureDownloadConfig::isSource(source, FlowState::fromFlowLabel(label)) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getALabel() = label + InsecureDownloadConfig::isSink(sink, FlowState::fromFlowLabel(label)) } override predicate isBarrier(DataFlow::Node node) { super.isBarrier(node) or - node instanceof Sanitizer + InsecureDownloadConfig::isBarrier(node) } } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll index 78dfdbfe833..93b8b448d92 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll 
@@ -11,11 +11,46 @@ import javascript private import semmle.javascript.security.SensitiveActions import InsecureRandomnessCustomizations::InsecureRandomness private import InsecureRandomnessCustomizations::InsecureRandomness as InsecureRandomness +private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles /** * A taint tracking configuration for random values that are not cryptographically secure. */ -class Configuration extends TaintTracking::Configuration { +module InsecureRandomnessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer + or + ClassifyFiles::isTestFile(node.getFile()) + } + + predicate isBarrierOut(DataFlow::Node node) { + // stop propagation at the sinks to avoid double reporting + isSink(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + InsecureRandomness::isAdditionalTaintStep(node1, node2) + or + // We want to make use of default taint steps but not the default taint sanitizers, as they + // generally assume numbers aren't taintable. So we use a data-flow configuration that includes all + // taint steps as additional flow steps. + TaintTracking::defaultTaintStep(node1, node2) + } +} + +/** + * Taint tracking for random values that are not cryptographically secure. + */ +module InsecureRandomnessFlow = DataFlow::Global; + +/** + * DEPRECATED. Use the `InsecureRandomnessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureRandomness" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll index 56c22972c16..66e63b0a7a4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll @@ -13,7 +13,23 @@ import InsecureTemporaryFileCustomizations::InsecureTemporaryFile /** * A taint-tracking configuration for reasoning about insecure temporary file creation. */ -class Configuration extends TaintTracking::Configuration { +module InsecureTemporaryFileConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about insecure temporary file creation. + */ +module InsecureTemporaryFileFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsecureTemporaryFileFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureTemporaryFile" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll index 40bfcc1072b..d01e46360fd 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll 
@@ -19,7 +19,23 @@ import InsufficientPasswordHashCustomizations::InsufficientPasswordHash * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module InsufficientPasswordHashConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for password hashing with insufficient computational effort. + */ +module InsufficientPasswordHashFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsufficientPasswordHashFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsufficientPasswordHash" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll index 6a98db71c72..e8e4847bfce 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll 
@@ -22,7 +22,23 @@ abstract class Sanitizer extends DataFlow::Node { } /** * A taint-tracking configuration for untrusted user input used in log entries. */ -class LogInjectionConfiguration extends TaintTracking::Configuration { +module LogInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in log entries. + */ +module LogInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `LogInjectionFlow` module instead. + */ +deprecated class LogInjectionConfiguration extends TaintTracking::Configuration { LogInjectionConfiguration() { this = "LogInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll index 75f48032f3f..63da6fca105 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll @@ -8,6 +8,7 @@ import javascript module LoopBoundInjection { import semmle.javascript.security.TaintedObject + import semmle.javascript.security.CommonFlowState /** * Holds if an exception will be thrown whenever `e` evaluates to `undefined` or `null`. 
@@ -166,6 +167,41 @@ module LoopBoundInjection { */ abstract class Source extends DataFlow::Node { } + /** + * A barrier guard for looping on tainted objects with unbounded length. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** * A source of remote user input objects. */ 
@@ -174,24 +210,22 @@ module LoopBoundInjection { /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `isArray` function. */ - class IsArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class IsArraySanitizerGuard extends BarrierGuard, DataFlow::ValueNode { override CallExpr astNode; IsArraySanitizerGuard() { astNode.getCalleeName() = "isArray" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { true = outcome and e = astNode.getAnArgument() and - label = TaintedObject::label() + state.isTaintedObject() } } /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `X instanceof Array` check. */ - class InstanceofArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class InstanceofArraySanitizerGuard extends BarrierGuard, DataFlow::ValueNode { override BinaryExpr astNode; InstanceofArraySanitizerGuard() { @@ -199,10 +233,10 @@ module LoopBoundInjection { DataFlow::globalVarRef("Array").flowsToExpr(astNode.getRightOperand()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { true = outcome and e = astNode.getLeftOperand() and - label = TaintedObject::label() + state.isTaintedObject() } } @@ -211,9 +245,7 @@ module LoopBoundInjection { * * Also implicitly makes sure that only the first DoS-prone loop is selected by the query (as the .length test has outcome=false when exiting the loop). */ - class LengthCheckSanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class LengthCheckSanitizerGuard extends BarrierGuard, DataFlow::ValueNode { override RelationalComparison astNode; DataFlow::PropRead propRead; 
@@ -222,10 +254,10 @@ module LoopBoundInjection { propRead.getPropertyName() = "length" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { false = outcome and e = propRead.getBase().asExpr() and - label = TaintedObject::label() + state.isTaintedObject() } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll index c277018ba17..2b8a64dbced 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll 
@@ -13,7 +13,42 @@ import LoopBoundInjectionCustomizations::LoopBoundInjection /** * A taint tracking configuration for reasoning about looping on tainted objects with unbounded length. */ -class Configuration extends TaintTracking::Configuration { +module LoopBoundInjectionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof Source and state.isTaintedObject() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof Sink and state.isTaintedObject() + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + } +} + +/** + * Taint tracking configuration for reasoning about looping on tainted objects with unbounded length. + */ +module LoopBoundInjectionFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `LoopBoundInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "LoopBoundInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll index 536276d5c1d..36c0601d501 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionCustomizations.qll 
@@ -8,6 +8,8 @@ import javascript import semmle.javascript.security.TaintedObject module NosqlInjection { + import semmle.javascript.security.CommonFlowState + /** * A data flow source for NoSQL injection vulnerabilities. */ @@ -22,7 +24,10 @@ module NosqlInjection { * * Defaults to deeply tainted objects only. */ - DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() } + FlowState getAFlowState() { result.isTaintedObject() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll index be9b3bdee0a..dbb5140d7c4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll 
@@ -14,7 +14,54 @@ import NosqlInjectionCustomizations::NosqlInjection /** * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module NosqlInjectionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof Source and state.isTaint() + or + source instanceof TaintedObject::Source and state.isTaintedObject() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { sink.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node instanceof Sanitizer and state.isTaint() + or + TaintTracking::defaultSanitizer(node) and state.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + or + // additional flow step to track taint through NoSQL query objects + state1.isTaintedObject() and + state2.isTaintedObject() and + exists(NoSql::Query query, DataFlow::SourceNode queryObj | + queryObj.flowsTo(query) and + queryObj.flowsTo(node2) and + node1 = queryObj.getAPropertyWrite().getRhs() + ) + or + TaintTracking::defaultTaintStep(node1, node2) and + state1.isTaint() and + state2 = state1 + } +} + +/** + * Taint-tracking for reasoning about SQL-injection vulnerabilities. + */ +module NosqlInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `NosqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "NosqlInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
@@ -37,17 +84,10 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - TaintedObject::step(src, trg, inlbl, outlbl) - or - // additional flow step to track taint through NoSQL query objects - inlbl = TaintedObject::label() and - outlbl = TaintedObject::label() and - exists(NoSql::Query query, DataFlow::SourceNode queryObj | - queryObj.flowsTo(query) and - queryObj.flowsTo(trg) and - src = queryObj.getAPropertyWrite().getRhs() - ) + NosqlInjectionConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2, + FlowState::fromFlowLabel(state2)) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll index 736e47daaf6..62f87e29b0b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarCustomizations.qll @@ -24,16 +24,20 @@ module PostMessageStar { abstract class Sanitizer extends DataFlow::Node { } /** + * DEPRECATED. This query no longer uses flow state. + * * A flow label representing an object with at least one tainted property. */ - abstract class PartiallyTaintedObject extends DataFlow::FlowLabel { + abstract deprecated class PartiallyTaintedObject extends DataFlow::FlowLabel { PartiallyTaintedObject() { this = "partially tainted object" } } /** + * DEPRECATED. This query no longer uses flow state. + * * Gets either a standard flow label or the partial-taint label. */ - DataFlow::FlowLabel anyLabel() { + deprecated DataFlow::FlowLabel anyLabel() { result.isDataOrTaint() or result instanceof PartiallyTaintedObject } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll index ae7366146da..5fde270041e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll @@ -11,7 +11,7 @@ import javascript import PostMessageStarCustomizations::PostMessageStar // Materialize flow labels -private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { +deprecated private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { ConcretePartiallyTaintedObject() { this = this } } @@ -26,7 +26,28 @@ private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { * Additional sources or sinks can be added either by extending the relevant class, or by subclassing * this configuration itself, and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module PostMessageStarConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // If an object leaks, all of its properties have leaked + isSink(node) and contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * A taint tracking configuration for cross-window communication with unrestricted origin. + */ +module PostMessageStarFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PostMessageStarFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PostMessageStar" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll index 656c7bb3849..bb2f9739501 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll @@ -10,6 +10,39 @@ private import javascript * that my cause prototype pollution. */ module PrototypePollutingAssignment { + private newtype TFlowState = + TTaint() or + TObjectPrototype() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TTaint() and result = "taint" + or + this = TObjectPrototype() and result = "object-prototype" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TTaint() and result.isTaint() + or + this = TObjectPrototype() and result instanceof ObjectPrototype + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** A tainted value. */ + FlowState taint() { result = TTaint() } + + /** A reference to `Object.prototype` obtained by reading from a tainted property name. */ + FlowState objectPrototype() { result = TObjectPrototype() } + } + /** * A data flow source for untrusted data from which the special `__proto__` property name may be arise. */ 
@@ -30,7 +63,10 @@ module PrototypePollutingAssignment { * Use the `taint` label for untrusted property names, and the `ObjectPrototype` label for * object mutations. */ - abstract DataFlow::FlowLabel getAFlowLabel(); + FlowState getAFlowState() { result = FlowState::objectPrototype() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** 
@@ -38,22 +74,59 @@ module PrototypePollutingAssignment { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for prototype-polluting assignments. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** A flow label representing the `Object.prototype` value. */ - abstract class ObjectPrototype extends DataFlow::FlowLabel { + abstract deprecated class ObjectPrototype extends DataFlow::FlowLabel { ObjectPrototype() { this = "Object.prototype" } } /** The base of an assignment or extend call, as a sink for `Object.prototype` references. 
*/ private class DefaultSink extends Sink { DefaultSink() { - this = any(DataFlow::PropWrite write).getBase() + // Avoid using PropWrite here as we only want assignments that can mutate a pre-existing object, + // so not object literals or array literals. + this = any(AssignExpr assign).getTarget().(PropAccess).getBase().flow() or this = any(ExtendCall c).getDestinationOperand() or this = any(DeleteExpr del).getOperand().flow().(DataFlow::PropRef).getBase() } - override DataFlow::FlowLabel getAFlowLabel() { result instanceof ObjectPrototype } + override FlowState getAFlowState() { result = FlowState::objectPrototype() } } /** A remote flow source or location.{hash,search} as a taint source. */ @@ -67,7 +140,9 @@ module PrototypePollutingAssignment { * A parameter of an exported function, seen as a source prototype-polluting assignment. */ class ExternalInputSource extends Source { - ExternalInputSource() { this = Exports::getALibraryInputParameter() } + ExternalInputSource() { + this = Exports::getALibraryInputParameter() and not this instanceof RemoteFlowSource + } override string describe() { result = "library input" } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll index 197b8594244..2793757add8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll 
@@ -11,24 +11,25 @@ private import javascript private import semmle.javascript.DynamicPropertyAccess private import semmle.javascript.dataflow.InferredTypes import PrototypePollutingAssignmentCustomizations::PrototypePollutingAssignment +private import PrototypePollutingAssignmentCustomizations::PrototypePollutingAssignment as PrototypePollutingAssignment private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles // Materialize flow labels -private class ConcreteObjectPrototype extends ObjectPrototype { +deprecated private class ConcreteObjectPrototype extends ObjectPrototype { ConcreteObjectPrototype() { this = this } } /** A taint-tracking configuration for reasoning about prototype-polluting assignments. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollutingAssignment" } +module PrototypePollutingAssignmentConfig implements DataFlow::StateConfigSig { + class FlowState = PrototypePollutingAssignment::FlowState; - override predicate isSource(DataFlow::Node node) { node instanceof Source } - - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { - node.(Sink).getAFlowLabel() = lbl + predicate isSource(DataFlow::Node node, FlowState state) { + node instanceof Source and state = FlowState::taint() } - override predicate isSanitizer(DataFlow::Node node) { + predicate isSink(DataFlow::Node node, FlowState state) { node.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer or // Concatenating with a string will in practice prevent the string `__proto__` from arising. 
@@ -53,25 +54,29 @@ class Configuration extends TaintTracking::Configuration { not replace.getRawReplacement().getStringValue() = "" ) ) + or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isBarrierOut(DataFlow::Node node, FlowState state) { // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving // step because it preserves all properties, but the destination is not actually Object.prototype. node = any(ExtendCall call).getASourceOperand() and - lbl instanceof ObjectPrototype + state = FlowState::objectPrototype() } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isBarrierIn(DataFlow::Node node, FlowState state) { isSource(node, state) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { // Step from x -> obj[x] while switching to the ObjectPrototype label // (If `x` can have the value `__proto__` then the result can be Object.prototype) exists(DynamicPropRead read | - pred = read.getPropertyNameNode() and - succ = read and - inlbl.isTaint() and - outlbl instanceof ObjectPrototype and + node1 = read.getPropertyNameNode() and + node2 = read and + state1 = FlowState::taint() and + state2 = FlowState::objectPrototype() and // Exclude cases where the property name came from a property enumeration. // If the property name is an own property of the base object, the read won't // return Object.prototype. 
@@ -85,13 +90,82 @@ class Configuration extends TaintTracking::Configuration { // Same as above, but for property projection. exists(PropertyProjection proj | proj.isSingletonProjection() and - pred = proj.getASelector() and - succ = proj and - inlbl.isTaint() and - outlbl instanceof ObjectPrototype + node1 = proj.getASelector() and + node2 = proj and + state1 = FlowState::taint() and + state2 = FlowState::objectPrototype() ) or - DataFlow::localFieldStep(pred, succ) and inlbl = outlbl + state1 = FlowState::taint() and + TaintTracking::defaultTaintStep(node1, node2) and + state1 = state2 + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + state = FlowState::taint() and + TaintTracking::defaultSanitizer(node) + or + // Don't propagate into the receiver, as the method lookups will generally fail on Object.prototype. + node instanceof DataFlow::ThisNode and + state = FlowState::objectPrototype() + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } +} + +/** Taint-tracking for reasoning about prototype-polluting assignments. */ +module PrototypePollutingAssignmentFlow = + DataFlow::GlobalWithState; + +/** + * Holds if the given `source, sink` pair should not be reported, as we don't have enough + * confidence in the alert given that source is a library input. + */ +bindingset[source, sink] +predicate isIgnoredLibraryFlow(ExternalInputSource source, Sink sink) { + exists(source) and + // filter away paths that start with library inputs and end with a write to a fixed property. + exists(DataFlow::PropWrite write | sink = write.getBase() | + // fixed property name + exists(write.getPropertyName()) + or + // non-string property name (likely number) + exists(Expr prop | prop = write.getPropertyNameExpr() | + not prop.analyze().getAType() = TTString() + ) + ) +} + +/** + * DEPRECATED. 
Use the `PrototypePollutingAssignmentFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "PrototypePollutingAssignment" } + + override predicate isSource(DataFlow::Node node) { node instanceof Source } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node.(Sink).getAFlowLabel() = lbl + } + + override predicate isSanitizer(DataFlow::Node node) { + PrototypePollutingAssignmentConfig::isBarrier(node) + } + + override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving + // step because it preserves all properties, but the destination is not actually Object.prototype. + node = any(ExtendCall call).getASourceOperand() and + lbl instanceof ObjectPrototype + } + + override predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + ) { + PrototypePollutingAssignmentConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl), + succ, FlowState::fromFlowLabel(outlbl)) } override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { @@ -174,9 +248,7 @@ private predicate isPropertyPresentOnObjectPrototype(string prop) { } /** A check of form `e.prop` where `prop` is not present on `Object.prototype`. */ -private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode -{ +private class PropertyPresenceCheck extends BarrierGuard, DataFlow::ValueNode { override PropAccess astNode; PropertyPresenceCheck() { 
@@ -184,41 +256,41 @@ private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuard not isPropertyPresentOnObjectPrototype(astNode.getPropertyName()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = astNode.getBase() and outcome = true and - label instanceof ObjectPrototype + state = FlowState::objectPrototype() } } /** A check of form `"prop" in e` where `prop` is not present on `Object.prototype`. */ -private class InExprCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InExprCheck extends BarrierGuard, DataFlow::ValueNode { override InExpr astNode; InExprCheck() { not isPropertyPresentOnObjectPrototype(astNode.getLeftOperand().getStringValue()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = astNode.getRightOperand() and outcome = true and - label instanceof ObjectPrototype + state = FlowState::objectPrototype() } } /** A check of form `e instanceof X`, which is always false for `Object.prototype`. */ -private class InstanceofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InstanceofCheck extends BarrierGuard, DataFlow::ValueNode { override InstanceofExpr astNode; - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = astNode.getLeftOperand() and outcome = true and - label instanceof ObjectPrototype + state = FlowState::objectPrototype() } } /** A check of form `typeof e === "string"`. */ -private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class TypeofCheck extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; 
@@ -231,43 +303,43 @@ private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, Data ) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { polarity = outcome and e = operand and - label instanceof ObjectPrototype + state = FlowState::objectPrototype() } } /** A guard that checks whether `x` is a number. */ -class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { +class NumberGuard extends BarrierGuard instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A call to `Array.isArray`, which is false for `Object.prototype`. */ -private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode { +private class IsArrayCheck extends BarrierGuard, DataFlow::CallNode { IsArrayCheck() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = this.getArgument(0).asExpr() and outcome = true and - label instanceof ObjectPrototype + state = FlowState::objectPrototype() } } /** * Sanitizer guard of form `x !== "__proto__"`. 
*/ -private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +private class EqualityCheck extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; EqualityCheck() { astNode.getAnOperand().getStringValue() = "__proto__" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() } @@ -276,10 +348,10 @@ private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow: /** * Sanitizer guard of the form `x.includes("__proto__")`. */ -private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, InclusionTest { +private class IncludesCheck extends BarrierGuard, InclusionTest { IncludesCheck() { this.getContainedNode().mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainerNode().asExpr() and outcome = this.getPolarity().booleanNot() } @@ -288,7 +360,7 @@ private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, In /** * A sanitizer guard that checks tests whether `x` is included in a list like `["__proto__"].includes(x)`. */ -private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, InclusionTest { +private class DenyListInclusionGuard extends BarrierGuard, InclusionTest { DenyListInclusionGuard() { this.getContainerNode() .getALocalSource() @@ -297,7 +369,7 @@ private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, .mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainedNode().asExpr() and outcome = super.getPolarity().booleanNot() } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll index 0426b413b44..1e95e4b550f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionCustomizations.qll @@ -9,7 +9,12 @@ import semmle.javascript.security.TaintedObject import semmle.javascript.dependencies.SemVer module PrototypePollution { + import semmle.javascript.security.CommonFlowState + /** + * DEPRECATED. This flow label is no longer in use, and there is no corresponding flow state, as + * the query instead relies on implicit reads at the sinks. + * * A label for wrappers around tainted objects, that is, objects that are * not completely user-controlled, but contain a user-controlled object. * @@ -23,12 +28,12 @@ module PrototypePollution { * } * ``` */ - abstract class TaintedObjectWrapper extends DataFlow::FlowLabel { + abstract deprecated class TaintedObjectWrapper extends DataFlow::FlowLabel { TaintedObjectWrapper() { this = "tainted-object-wrapper" } } - /** Companion module to the `TaintedObjectWrapper` class. */ - module TaintedObjectWrapper { + /** DEPRECATED. Use `FlowState::taintedObjectWrapper()` instead. */ + deprecated module TaintedObjectWrapper { /** Gets the instance of the `TaintedObjectWrapper` label. */ TaintedObjectWrapper label() { any() } } @@ -40,7 +45,10 @@ module PrototypePollution { /** * Gets the type of data coming from this source. */ - abstract DataFlow::FlowLabel getAFlowLabel(); + FlowState getAFlowState() { result.isTaintedObject() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** 
@@ -50,7 +58,10 @@ module PrototypePollution { /** * Gets the type of data that can taint this sink. */ - abstract DataFlow::FlowLabel getAFlowLabel(); + FlowState getAFlowState() { result.isTaintedObject() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } /** * Holds if `moduleName` is the name of the module that defines this sink, @@ -68,14 +79,14 @@ module PrototypePollution { * in order to be flagged for prototype pollution. */ private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { - override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() } + override FlowState getAFlowState() { result.isTaint() } } /** * A source of user-controlled objects. */ private class TaintedObjectSource extends Source instanceof TaintedObject::Source { - override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() } + override FlowState getAFlowState() { result.isTaintedObject() } } class DeepExtendSink extends Sink { @@ -98,12 +109,6 @@ module PrototypePollution { ) } - override DataFlow::FlowLabel getAFlowLabel() { - result = TaintedObject::label() - or - result = TaintedObjectWrapper::label() - } - override predicate dependencyInfo(string moduleName_, Locatable loc) { moduleName = moduleName_ and location = loc diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll index 8ae5ce2404e..03d5e0c62a1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll 
@@ -13,7 +13,10 @@ import semmle.javascript.dependencies.SemVer import PrototypePollutionCustomizations::PrototypePollution // Materialize flow labels -private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { +/** + * We no longer use this flow label, since it does not work in a world where flow states inherit taint steps. + */ +deprecated private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { ConcreteTaintedObjectWrapper() { this = this } } 
@@ -21,7 +24,41 @@ private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { * A taint tracking configuration for user-controlled objects flowing into deep `extend` calls, * leading to prototype pollution. */ -class Configuration extends TaintTracking::Configuration { +module PrototypePollutionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node node, FlowState state) { node.(Source).getAFlowState() = state } + + predicate isSink(DataFlow::Node node, FlowState state) { node.(Sink).getAFlowState() = state } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // For recursive merge sinks, the deeply tainted object only needs to be reachable from the input, the input itself + // does not need to be deeply tainted. + isSink(node, FlowState::taintedObject()) and + contents = DataFlow::ContentSet::anyProperty() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } +} + +/** + * Taint tracking for user-controlled objects flowing into deep `extend` calls, + * leading to prototype pollution. + */ +module PrototypePollutionFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `PrototypePollutionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PrototypePollution" } override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 75ccaeeb9d8..9af157fe423 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll @@ -5,12 +5,30 @@ import javascript import ReflectedXssCustomizations::ReflectedXss -private import Xss::Shared as Shared +private import Xss::Shared as SharedXss /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about reflected XSS. */ -class Configuration extends TaintTracking::Configuration { +module ReflectedXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = SharedXss::BarrierGuard::getABarrierNode() + } +} + +/** + * Taint-tracking for reasoning about reflected XSS. + */ +module ReflectedXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ReflectedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ReflectedXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +46,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends SharedXss::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends SharedXss::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll index 00fe3779e12..476fd9ccd85 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll @@ -13,7 +13,23 @@ import RegExpInjectionCustomizations::RegExpInjection /** * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ -class Configuration extends TaintTracking::Configuration { +module RegExpInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used to construct regular expressions. + */ +module RegExpInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RegExpInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RegExpInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll index 83422e8f0de..d3cbfeb8268 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll 
@@ -14,7 +14,26 @@ import RemotePropertyInjectionCustomizations::RemotePropertyInjection /** * A taint-tracking configuration for reasoning about remote property injection. */ -class Configuration extends TaintTracking::Configuration { +module RemotePropertyInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = StringConcatenation::getRoot(any(ConstantString str).flow()) + } +} + +/** + * Taint-tracking for reasoning about remote property injection. + */ +module RemotePropertyInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RemotePropertyInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RemotePropertyInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll index 9c67df35ed9..74317ebcc08 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll 
@@ -12,23 +12,48 @@ import UrlConcatenation import RequestForgeryCustomizations::RequestForgery /** - * A taint tracking configuration for request forgery. + * A taint tracking configuration for server-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module RequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isAdditionalRequestForgeryStep(node1, node2) + } +} + +/** + * Taint tracking for server-side request forgery. + */ +module RequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RequestForgery" } - override predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + override predicate isSource(DataFlow::Node source) { RequestForgeryConfig::isSource(source) } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + override predicate isSink(DataFlow::Node sink) { RequestForgeryConfig::isSink(sink) } override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or + super.isSanitizer(node) + or node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + RequestForgeryConfig::isBarrierOut(node) + } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isAdditionalRequestForgeryStep(pred, succ) + RequestForgeryConfig::isAdditionalFlowStep(pred, succ) } } 
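Review bot: In the deprecated `Configuration` class, `isSanitizer` is the only predicate that still carries its own logic (`node instanceof Sanitizer`) rather than forwarding to `RequestForgeryConfig`, while `isSource`, `isSink`, `isSanitizerOut` and `isAdditionalTaintStep` all delegate. Consider `super.isSanitizer(node) or RequestForgeryConfig::isBarrier(node)` so that a later change to the barrier set cannot leave the old and new configurations disagreeing about what counts as sanitized. The only other change to that predicate is moving `or` onto its own line, which is formatting churn that could be left out of this patch.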
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll index 147d725ae9a..c62aedd4b5c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll @@ -31,6 +31,27 @@ module ResourceExhaustion { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for resource exhaustion vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * DEPRECATED: Use `ActiveThreatModelSource` from Concepts instead! */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll index 366d1db6973..95360d0face 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll 
@@ -13,7 +13,31 @@ import ResourceExhaustionCustomizations::ResourceExhaustion /** * A data flow configuration for resource exhaustion vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ResourceExhaustionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = any(DataFlow::PropRead read | read.getPropertyName() = "length") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + isNumericFlowStep(node1, node2) + } +} + +/** + * Data flow for resource exhaustion vulnerabilities. + */ +module ResourceExhaustionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ResourceExhaustionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ResourceExhaustion" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -49,10 +73,10 @@ predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) { /** * A sanitizer that blocks taint flow if the size of a number is limited. */ -class UpperBoundsCheckSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class UpperBoundsCheckSanitizerGuard extends BarrierGuard, DataFlow::ValueNode { override RelationalComparison astNode; - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { true = outcome and e = astNode.getLesserOperand() or diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll index c405dec31f7..416ad56bef1 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll @@ -10,6 +10,8 @@ private import semmle.javascript.security.TaintedObjectCustomizations /** Classes and predicates for reasoning about second order command injection. */ module SecondOrderCommandInjection { + import semmle.javascript.security.CommonFlowState + /** A shell command that allows for second order command injection. */ private class VulnerableCommand extends string { VulnerableCommand() { this = ["git", "hg"] } @@ -39,8 +41,11 @@ module SecondOrderCommandInjection { /** Gets a string that describes the source. For use in the alert message. */ abstract string describe(); - /** Gets a label for which this is a source. */ - abstract DataFlow::FlowLabel getALabel(); + /** Gets a flow state for which this is a source. */ + FlowState getAFlowState() { result.isTaint() } + + /** DEPRECATED. Use `getAFlowState()` instead */ + deprecated DataFlow::FlowLabel getALabel() { result = this.getAFlowState().toFlowLabel() } } /** A parameter of an exported function, seen as a source for second order command injection. */ 
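Review bot: In the `Source` class (hunk at -39,8), the abstract `getALabel()` is replaced by a concrete `getAFlowState()` whose default is `result.isTaint()`, so a subclass that forgets to override it is silently treated as a plain-taint source, where the abstract predicate used to force every subclass to state its label. Either keep `getAFlowState()` abstract or say in the QLDoc that taint is the default and when a subclass should widen it. Downstream subclasses that only override `getALabel()` are also worth a sentence in the deprecation comment: `getALabel()` is now derived from `getAFlowState()`, so such an override is not consulted when the state is computed. That deprecation comment is missing its final period as well.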
@@ -49,18 +54,18 @@ module SecondOrderCommandInjection { override string describe() { result = "library input" } - override DataFlow::FlowLabel getALabel() { result = TaintedObject::label() or result.isTaint() } + override FlowState getAFlowState() { result.isTaintedObject() or result.isTaint() } } /** A source of remote flow, seen as a source for second order command injection. */ class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { override string describe() { result = "a user-provided value" } - override DataFlow::FlowLabel getALabel() { result.isTaint() } + override FlowState getAFlowState() { result.isTaint() } } private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source { - override DataFlow::FlowLabel getALabel() { result = TaintedObject::label() } + override FlowState getAFlowState() { result.isTaintedObject() } override string describe() { result = "a user-provided value" } } @@ -70,8 +75,11 @@ module SecondOrderCommandInjection { /** A sink for second order command injection. */ abstract class Sink extends DataFlow::Node { - /** Gets a label for which this is a sink. */ - abstract DataFlow::FlowLabel getALabel(); + /** Gets a flow state for which this is a sink. */ + FlowState getAFlowState() { result.isTaint() or result.isTaintedObject() } + + /** DERECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getALabel() { result = this.getAFlowState().toFlowLabel() } /** Gets the command getting invoked. I.e. `git` or `hg`. */ abstract string getCommand(); 
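Review bot: The QLDoc on the deprecated `Sink.getALabel()` (hunk at -70,8) reads `DERECATED`; it should be `DEPRECATED`, matching the comment on `Source.getALabel()` in the same file. Separately, the default `getAFlowState()` for `Sink` accepts both `isTaint()` and `isTaintedObject()`, which is wider than the `Source` default of `isTaint()` alone; a sentence in the QLDoc saying that sinks default to both states and that subclasses are expected to narrow it would make the asymmetry read as intentional.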
@@ -83,6 +91,41 @@ module SecondOrderCommandInjection { abstract string getVulnerableArgumentExample(); } + /** + * A barrier guard for second order command-injection vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** * A sink that invokes a command described by the `VulnerableCommand` class. */ @@ -170,7 +213,7 @@ module SecondOrderCommandInjection { ) } - override DataFlow::FlowLabel getALabel() { result.isTaint() } + override FlowState getAFlowState() { result.isTaint() } } /** 
@@ -184,15 +227,14 @@ module SecondOrderCommandInjection { } // only vulnerable if an attacker controls the entire array - override DataFlow::FlowLabel getALabel() { result = TaintedObject::label() } + override FlowState getAFlowState() { result.isTaintedObject() } } /** * A sanitizer that blocks flow when a string is tested to start with a certain prefix. */ - class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e) { + class PrefixStringSanitizer extends BarrierGuard instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity() } @@ -201,11 +243,10 @@ module SecondOrderCommandInjection { /** * A sanitizer that blocks flow when a string does not start with "--" */ - class DoubleDashSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { + class DoubleDashSanitizer extends BarrierGuard instanceof StringOps::StartsWith { DoubleDashSanitizer() { super.getSubstring().mayHaveStringValue("--") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll index fc10cd30c71..16d15b42ce4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll 
@@ -14,7 +14,51 @@ private import semmle.javascript.security.TaintedObject /** * A taint-tracking configuration for reasoning about second order command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { sink.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintTracking::defaultSanitizer(node) and + state.isTaint() + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + state1.isTaint() and + TaintTracking::defaultTaintStep(node1, node2) and + state1 = state2 + } +} + +/** + * Taint-tracking for reasoning about second order command-injection vulnerabilities. + */ +module SecondOrderCommandInjectionFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `SecondOrderCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "SecondOrderCommandInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
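Review bot: The QLDoc on `SecondOrderCommandInjectionConfig` and on `SecondOrderCommandInjectionFlow` still describes taint tracking, but the flow module is built with `DataFlow::GlobalWithState`, with `TaintTracking::defaultTaintStep` and `TaintTracking::defaultSanitizer` wired in by hand for the taint state only. The inline comment inside `isAdditionalFlowStep` explains why, but a reader of the module documentation will not see it; move that explanation into the module QLDoc so that anyone extending the config knows that default taint steps do not apply to the tainted-object state.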
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index 7f16f7f49dd..dc45a6c5614 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll @@ -15,7 +15,32 @@ import ServerSideUrlRedirectCustomizations::ServerSideUrlRedirect /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(HtmlSanitizerCall call | + node1 = call.getInput() and + node2 = call + ) + } +} + +/** + * Taint-tracking for reasoning about unvalidated URL redirections. + */ +module ServerSideUrlRedirectFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ServerSideUrlRedirect" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
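Review bot: `ServerSideUrlRedirectConfig::isBarrier` covers only `node instanceof Sanitizer`, whereas the deprecated class further down still registers `LocalUrlSanitizingGuard` through `isSanitizerGuard`, and nothing in this hunk turns that guard into a barrier node for the new config. If the guard is folded into `Sanitizer` somewhere outside this file, a comment on `isBarrier` should say so; otherwise add a barrier-guard term here, as `ResourceExhaustionConfig` does with `DataFlow::MakeBarrierGuard`, or redirects checked by an `isLocalUrl`-style call will be reported by the new flow module but not by the old one.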
@@ -27,7 +52,9 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + ServerSideUrlRedirectConfig::isBarrierOut(node) + } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { guard instanceof LocalUrlSanitizingGuard or @@ -35,10 +62,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call - ) + ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) } } @@ -46,12 +70,22 @@ class Configuration extends TaintTracking::Configuration { * A call to a function called `isLocalUrl` or similar, which is * considered to sanitize a variable for purposes of URL redirection. */ -class LocalUrlSanitizingGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { +class LocalUrlSanitizingGuard extends DataFlow::CallNode { LocalUrlSanitizingGuard() { this.getCalleeName().regexpMatch("(?i)(is_?)?local_?url") } - override predicate sanitizes(boolean outcome, Expr e) { - // `isLocalUrl(e)` sanitizes `e` if it evaluates to `true` + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { this.getAnArgument().asExpr() = e and outcome = true } } + +deprecated private class LocalUrlSanitizingGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof LocalUrlSanitizingGuard +{ + override predicate sanitizes(boolean outcome, Expr e) { + LocalUrlSanitizingGuard.super.sanitizes(outcome, e) + } +} 
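Review bot: `LocalUrlSanitizingGuardLegacy` (hunk at -46,12) is added without QLDoc, unlike the `BarrierGuardLegacy` classes elsewhere in this patch, which carry a one-line comment saying they exist for backward compatibility with the old data flow library; add the same comment here. The hunk also drops the inline comment stating that `isLocalUrl(e)` sanitizes `e` if it evaluates to `true`; the new QLDoc on `blocksExpr` is generic, so keeping that sentence next to `outcome = true` would preserve the concrete meaning.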
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll index 6e0cff12eff..8d04d283c00 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll @@ -14,7 +14,31 @@ import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** Holds if `sink` is a command-injection sink with `highlight` as the corresponding alert location. */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module ShellCommandInjectionFromEnvironmentFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `ShellCommandInjectionFromEnvironmentFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ShellCommandInjectionFromEnvironment" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll index 43f50e77c77..f91a9ce27d3 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll @@ -13,7 +13,35 @@ import SqlInjectionCustomizations::SqlInjection /** * A taint-tracking configuration for reasoning about string based query injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(LdapJS::TaintPreservingLdapFilterStep filter | + node1 = filter.getInput() and + node2 = filter.getOutput() + ) + or + exists(HtmlSanitizerCall call | + node1 = call.getInput() and + node2 = call + ) + } +} + +/** + * Taint-tracking for reasoning about string based query injection vulnerabilities. + */ +module SqlInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "SqlInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -26,14 +54,6 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(LdapJS::TaintPreservingLdapFilterStep filter | - pred = filter.getInput() and - succ = filter.getOutput() - ) - or - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call - ) + SqlInjectionConfig::isAdditionalFlowStep(pred, succ) } } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll index 4350fbab061..cb05f91c727 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll @@ -14,14 +14,10 @@ import StackTraceExposureCustomizations::StackTraceExposure * A taint-tracking configuration for reasoning about stack trace * exposure problems. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StackTraceExposure" } +module StackTraceExposureConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof Source } - override predicate isSource(DataFlow::Node src) { src instanceof Source } - - override predicate isSanitizer(DataFlow::Node nd) { - super.isSanitizer(nd) - or + predicate isBarrier(DataFlow::Node nd) { // read of a property other than `stack` nd.(DataFlow::PropRead).getPropertyName() != "stack" or @@ -31,5 +27,27 @@ class Configuration extends TaintTracking::Configuration { nd = StringConcatenation::getAnOperand(_) } + predicate isSink(DataFlow::Node snk) { snk instanceof Sink } +} + +/** + * Taint-tracking for reasoning about stack trace exposure problems. + */ +module StackTraceExposureFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StackTraceExposureFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "StackTraceExposure" } + + override predicate isSource(DataFlow::Node src) { src instanceof Source } + + override predicate isSanitizer(DataFlow::Node nd) { + super.isSanitizer(nd) + or + StackTraceExposureConfig::isBarrier(nd) + } + override predicate isSink(DataFlow::Node snk) { snk instanceof Sink } } 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll index 16fe8e44a9c..412332b5411 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll @@ -21,6 +21,16 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for stored XSS. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */ private class AnySink extends Sink { AnySink() { this instanceof Shared::Sink } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll index cc2f3947186..87a870abe35 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll 
@@ -8,9 +8,27 @@ import StoredXssCustomizations::StoredXss private import Xss::Shared as Shared /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about stored XSS. */ -class Configuration extends TaintTracking::Configuration { +module StoredXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = Shared::BarrierGuard::getABarrierNode() + } +} + +/** + * Taint-tracking for reasoning about stored XSS. + */ +module StoredXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StoredXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "StoredXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +46,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll index 0475999ed3c..b10088af82e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll 
@@ -13,7 +13,23 @@ private import TaintedFormatStringCustomizations::TaintedFormatString /** * A taint-tracking configuration for format injections. */ -class Configuration extends TaintTracking::Configuration { +module TaintedFormatStringConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for format injections. + */ +module TaintedFormatStringFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `TaintedFormatStringFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "TaintedFormatString" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index 8798c926086..0107d36d63d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
@@ -11,16 +11,22 @@ module TaintedPath { * A data flow source for tainted-path vulnerabilities. */ abstract class Source extends DataFlow::Node { - /** Gets a flow label denoting the type of value for which this is a source. */ - DataFlow::FlowLabel getAFlowLabel() { result instanceof Label::PosixPath } + /** Gets a flow state denoting the type of value for which this is a source. */ + FlowState getAFlowState() { result instanceof FlowState::PosixPath } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** * A data flow sink for tainted-path vulnerabilities. */ abstract class Sink extends DataFlow::Node { - /** Gets a flow label denoting the type of value for which this is a sink. */ - DataFlow::FlowLabel getAFlowLabel() { result instanceof Label::PosixPath } + /** Gets a flow state denoting the type of value for which this is a sink. */ + FlowState getAFlowState() { result instanceof FlowState::PosixPath } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** 
@@ -31,9 +37,57 @@ module TaintedPath { /** * A barrier guard for tainted-path vulnerabilities. */ - abstract class BarrierGuardNode extends DataFlow::LabeledBarrierGuardNode { } + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } - module Label { + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + + deprecated class BarrierGuardNode = BarrierGuard; + + private newtype TFlowState = + TPosixPath(FlowState::Normalization normalization, FlowState::Relativeness relativeness) or + TSplitPath() + + private class FlowStateImpl extends TFlowState { + /** Gets a string representation of this flow state. */ + abstract string toString(); + + /** DEPRECATED. Gets the corresponding flow label, for backwards compatibility. 
*/ + abstract deprecated DataFlow::FlowLabel toFlowLabel(); + } + + /** The flow state to associate with a tainted value. See also `FlowState::PosixPath`. */ + final class FlowState = FlowStateImpl; + + /** Module containing details of individual flow states. */ + module FlowState { /** * A string indicating if a path is normalized, that is, whether internal `../` components * have been removed. 
@@ -49,6 +103,91 @@ module TaintedPath { Relativeness() { this = "relative" or this = "absolute" } } + /** + * A flow state representing a Posix path. + * + * There are currently four flow states, representing the different combinations of + * normalization and absoluteness. + */ + class PosixPath extends FlowStateImpl, TPosixPath { + Normalization normalization; + Relativeness relativeness; + + PosixPath() { this = TPosixPath(normalization, relativeness) } + + /** Gets a string indicating whether this path is normalized. */ + Normalization getNormalization() { result = normalization } + + /** Gets a string indicating whether this path is relative. */ + Relativeness getRelativeness() { result = relativeness } + + /** Holds if this path is normalized. */ + predicate isNormalized() { normalization = "normalized" } + + /** Holds if this path is not normalized. */ + predicate isNonNormalized() { normalization = "raw" } + + /** Holds if this path is relative. */ + predicate isRelative() { relativeness = "relative" } + + /** Holds if this path is relative. */ + predicate isAbsolute() { relativeness = "absolute" } + + /** Gets the path label with normalized flag set to true. */ + PosixPath toNormalized() { + result.isNormalized() and + result.getRelativeness() = this.getRelativeness() + } + + /** Gets the path label with normalized flag set to true. */ + PosixPath toNonNormalized() { + result.isNonNormalized() and + result.getRelativeness() = this.getRelativeness() + } + + /** Gets the path label with absolute flag set to true. */ + PosixPath toAbsolute() { + result.isAbsolute() and + result.getNormalization() = this.getNormalization() + } + + /** Gets the path label with absolute flag set to true. */ + PosixPath toRelative() { + result.isRelative() and + result.getNormalization() = this.getNormalization() + } + + /** Holds if this path may contain `../` components. 
*/ + predicate canContainDotDotSlash() { + // Absolute normalized path is the only combination that cannot contain `../`. + not (this.isNormalized() and this.isAbsolute()) + } + + override string toString() { result = normalization + "-" + relativeness + "-posix-path" } + + deprecated override Label::PosixPath toFlowLabel() { + result.getNormalization() = normalization and result.getRelativeness() = relativeness + } + } + + /** + * A flow label representing an array of path elements that may include "..". + */ + class SplitPath extends FlowStateImpl, TSplitPath { + override string toString() { result = "splitPath" } + + deprecated override Label::SplitPath toFlowLabel() { any() } + } + + /** Convert the given flow label to the corresponding flow state. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + } + + deprecated module Label { + class Normalization = FlowState::Normalization; + + class Relativeness = FlowState::Relativeness; + /** * A flow label representing a Posix path. * @@ -345,17 +484,17 @@ module TaintedPath { * * This is relevant for paths that are known to be normalized. */ - class StartsWithDotDotSanitizer extends BarrierGuardNode instanceof StringOps::StartsWith { + class StartsWithDotDotSanitizer extends BarrierGuard instanceof StringOps::StartsWith { StartsWithDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { // Sanitize in the false case for: // .startsWith(".") // .startsWith("..") // .startsWith("../") outcome = super.getPolarity().booleanNot() and e = super.getBaseString().asExpr() and - exists(Label::PosixPath posixPath | posixPath = label | + exists(FlowState::PosixPath posixPath | posixPath = state | posixPath.isNormalized() and posixPath.isRelative() ) 
@@ -365,12 +504,12 @@ module TaintedPath { /** * A check of the form `whitelist.includes(x)` or equivalent, which sanitizes `x` in its "then" branch. */ - class MembershipTestBarrierGuard extends BarrierGuardNode { + class MembershipTestBarrierGuard extends BarrierGuard { MembershipCandidate candidate; MembershipTestBarrierGuard() { this = candidate.getTest() } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { candidate = e.flow() and candidate.getTestPolarity() = outcome } @@ -380,7 +519,7 @@ module TaintedPath { * A check of form `x.startsWith(dir)` that sanitizes normalized absolute paths, since it is then * known to be in a subdirectory of `dir`. */ - class StartsWithDirSanitizer extends BarrierGuardNode { + class StartsWithDirSanitizer extends BarrierGuard { StringOps::StartsWith startsWith; StartsWithDirSanitizer() { @@ -390,10 +529,10 @@ module TaintedPath { not startsWith.getSubstring().getStringValue() = "/" } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { outcome = startsWith.getPolarity() and e = startsWith.getBaseString().asExpr() and - exists(Label::PosixPath posixPath | posixPath = label | + exists(FlowState::PosixPath posixPath | posixPath = state | posixPath.isAbsolute() and posixPath.isNormalized() ) @@ -404,7 +543,7 @@ module TaintedPath { * A call to `path.isAbsolute` as a sanitizer for relative paths in true branch, * and a sanitizer for absolute paths in the false branch. */ - class IsAbsoluteSanitizer extends BarrierGuardNode { + class IsAbsoluteSanitizer extends BarrierGuard { DataFlow::Node operand; boolean polarity; boolean negatable; 
@@ -425,9 +564,9 @@ module TaintedPath { ) // !x.startsWith("/home") does not guarantee that x is not absolute } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = operand.asExpr() and - exists(Label::PosixPath posixPath | posixPath = label | + exists(FlowState::PosixPath posixPath | posixPath = state | outcome = polarity and posixPath.isRelative() or negatable = true and 
@@ -440,26 +579,26 @@ module TaintedPath { /** * An expression of form `x.includes("..")` or similar. */ - class ContainsDotDotSanitizer extends BarrierGuardNode instanceof StringOps::Includes { + class ContainsDotDotSanitizer extends BarrierGuard instanceof StringOps::Includes { ContainsDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() and - label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path + state.(FlowState::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path } } /** * An expression of form `x.matches(/\.\./)` or similar. */ - class ContainsDotDotRegExpSanitizer extends BarrierGuardNode instanceof StringOps::RegExpTest { + class ContainsDotDotRegExpSanitizer extends BarrierGuard instanceof StringOps::RegExpTest { ContainsDotDotRegExpSanitizer() { super.getRegExp().getAMatchedString() = [".", "..", "../"] } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = super.getStringOperand().asExpr() and outcome = super.getPolarity().booleanNot() and - label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path + state.(FlowState::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path } } @@ -484,7 +623,7 @@ module TaintedPath { * } * ``` */ - class RelativePathStartsWithSanitizer extends BarrierGuardNode { + class RelativePathStartsWithSanitizer extends BarrierGuard { StringOps::StartsWith startsWith; DataFlow::CallNode pathCall; string member; 
@@ -506,7 +645,7 @@ module TaintedPath { (not member = "relative" or isDotDotSlashPrefix(startsWith.getSubstring())) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { member = "relative" and e = this.maybeGetPathSuffix(pathCall.getArgument(1)).asExpr() and outcome = startsWith.getPolarity().booleanNot() @@ -542,7 +681,7 @@ module TaintedPath { * An expression of form `isInside(x, y)` or similar, where `isInside` is * a library check for the relation between `x` and `y`. */ - class IsInsideCheckSanitizer extends BarrierGuardNode { + class IsInsideCheckSanitizer extends BarrierGuard { DataFlow::Node checked; boolean onlyNormalizedAbsolutePaths; @@ -558,11 +697,11 @@ module TaintedPath { ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { ( onlyNormalizedAbsolutePaths = true and - label.(Label::PosixPath).isNormalized() and - label.(Label::PosixPath).isAbsolute() + state.(FlowState::PosixPath).isNormalized() and + state.(FlowState::PosixPath).isAbsolute() or onlyNormalizedAbsolutePaths = false ) and @@ -629,12 +768,12 @@ module TaintedPath { private class FsPathSinkWithoutUpwardNavigation extends FsPathSink { FsPathSinkWithoutUpwardNavigation() { fileSystemAccess.isUpwardNavigationRejected(this) } - override DataFlow::FlowLabel getAFlowLabel() { + override FlowState getAFlowState() { // The protection is ineffective if the ../ segments have already // cancelled out against the intended root dir using path.join or similar. // Only flag normalized paths, as this corresponds to the output // of a normalizing call that had a malicious input. - result.(Label::PosixPath).isNormalized() + result.(FlowState::PosixPath).isNormalized() } } 
@@ -728,42 +867,50 @@ module TaintedPath { } /** - * Holds if there is a step `src -> dst` mapping `srclabel` to `dstlabel` relevant for path traversal vulnerabilities. + * DEPRECATED. Use `isAdditionalFlowStep` instead. */ - predicate isAdditionalTaintedPathFlowStep( + deprecated predicate isAdditionalTaintedPathFlowStep( DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - isPosixPathStep(src, dst, srclabel, dstlabel) + isAdditionalFlowStep(src, FlowState::fromFlowLabel(srclabel), dst, + FlowState::fromFlowLabel(dstlabel)) + } + + /** + * Holds if there is a step `node1 -> node2` mapping `state1` to `state2` relevant for path traversal vulnerabilities. + */ + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + isPosixPathStep(node1, state1, node2, state2) or // Ignore all preliminary sanitization after decoding URI components - srclabel instanceof Label::PosixPath and - dstlabel instanceof Label::PosixPath and + state1 instanceof FlowState::PosixPath and + state2 instanceof FlowState::PosixPath and ( - TaintTracking::uriStep(src, dst) + TaintTracking::uriStep(node1, node2) or exists(DataFlow::CallNode decode | decode.getCalleeName() = "decodeURIComponent" or decode.getCalleeName() = "decodeURI" | - src = decode.getArgument(0) and - dst = decode + node1 = decode.getArgument(0) and + node2 = decode ) ) or - TaintTracking::promiseStep(src, dst) and srclabel = dstlabel + TaintTracking::persistentStorageStep(node1, node2) and state1 = state2 or - TaintTracking::persistentStorageStep(src, dst) and srclabel = dstlabel - or - exists(DataFlow::PropRead read | read = dst | - src = read.getBase() and + exists(DataFlow::PropRead read | read = node2 | + node1 = read.getBase() and read.getPropertyName() != "length" and - srclabel = dstlabel and + state1 = state2 and not AccessPath::DominatingPaths::hasDominatingWrite(read) ) or // string method calls of 
interest exists(DataFlow::MethodCallNode mcn, string name | - srclabel = dstlabel and dst = mcn and mcn.calls(src, name) + state1 = state2 and node2 = mcn and mcn.calls(node1, name) | name = StringOps::substringMethodName() and // to avoid very dynamic transformations, require at least one fixed index 
@@ -781,49 +928,49 @@ module TaintedPath { ) or // A `str.split()` call can either split into path elements (`str.split("/")`) or split by some other string. - exists(StringSplitCall mcn | dst = mcn and mcn.getBaseString() = src | + exists(StringSplitCall mcn | node2 = mcn and mcn.getBaseString() = node1 | if mcn.getSeparator() = "/" then - srclabel.(Label::PosixPath).canContainDotDotSlash() and - dstlabel instanceof Label::SplitPath - else srclabel = dstlabel + state1.(FlowState::PosixPath).canContainDotDotSlash() and + state2 instanceof FlowState::SplitPath + else state1 = state2 ) or // array method calls of interest - exists(DataFlow::MethodCallNode mcn, string name | dst = mcn and mcn.calls(src, name) | + exists(DataFlow::MethodCallNode mcn, string name | node2 = mcn and mcn.calls(node1, name) | ( name = "pop" or name = "shift" ) and - srclabel instanceof Label::SplitPath and - dstlabel.(Label::PosixPath).canContainDotDotSlash() + state1 instanceof FlowState::SplitPath and + state2.(FlowState::PosixPath).canContainDotDotSlash() or ( name = "slice" or name = "splice" or name = "concat" ) and - dstlabel instanceof Label::SplitPath and - srclabel instanceof Label::SplitPath + state2 instanceof FlowState::SplitPath and + state1 instanceof FlowState::SplitPath or name = "join" and mcn.getArgument(0).mayHaveStringValue("/") and - srclabel instanceof Label::SplitPath and - dstlabel.(Label::PosixPath).canContainDotDotSlash() + state1 instanceof FlowState::SplitPath and + state2.(FlowState::PosixPath).canContainDotDotSlash() ) or // prefix.concat(path) exists(DataFlow::MethodCallNode mcn | - mcn.getMethodName() = "concat" and mcn.getAnArgument() = src + mcn.getMethodName() = "concat" and mcn.getAnArgument() = node1 | - dst = mcn and - dstlabel instanceof Label::SplitPath and - srclabel instanceof Label::SplitPath + node2 = mcn and + state2 instanceof FlowState::SplitPath and + state1 instanceof FlowState::SplitPath ) or // reading unknown property of split path - 
exists(DataFlow::PropRead read | read = dst | - src = read.getBase() and + exists(DataFlow::PropRead read | read = node2 | + node1 = read.getBase() and not read.getPropertyName() = "length" and not exists(read.getPropertyNameExpr().getIntValue()) and // split[split.length - 1] 
@@ -832,96 +979,97 @@ module TaintedPath { binop.getAnOperand().getIntValue() = 1 and binop.getAnOperand().(PropAccess).getPropertyName() = "length" ) and - srclabel instanceof Label::SplitPath and - dstlabel.(Label::PosixPath).canContainDotDotSlash() + state1 instanceof FlowState::SplitPath and + state2.(FlowState::PosixPath).canContainDotDotSlash() ) or exists(API::CallNode call | call = API::moduleImport("slash").getACall() | - src = call.getArgument(0) and - dst = call and - srclabel = dstlabel + node1 = call.getArgument(0) and + node2 = call and + state1 = state2 ) or exists(HtmlSanitizerCall call | - src = call.getInput() and - dst = call and - srclabel = dstlabel + node1 = call.getInput() and + node2 = call and + state1 = state2 ) or exists(DataFlow::CallNode join | // path.join() with spread argument join = NodeJSLib::Path::moduleMember("join").getACall() and - src = join.getASpreadArgument() and - dst = join and + node1 = join.getASpreadArgument() and + node2 = join and ( - srclabel.(Label::PosixPath).canContainDotDotSlash() + state1.(FlowState::PosixPath).canContainDotDotSlash() or - srclabel instanceof Label::SplitPath + state1 instanceof FlowState::SplitPath ) and - dstlabel.(Label::PosixPath).isNormalized() and + state2.(FlowState::PosixPath).isNormalized() and if isRelative(join.getArgument(0).getStringValue()) - then dstlabel.(Label::PosixPath).isRelative() - else dstlabel.(Label::PosixPath).isAbsolute() + then state2.(FlowState::PosixPath).isRelative() + else state2.(FlowState::PosixPath).isAbsolute() ) } /** - * Holds if we should include a step from `src -> dst` with labels `srclabel -> dstlabel`, and the - * standard taint step `src -> dst` should be suppressed. + * Holds if we should include a step from `node1 -> node2` with labels `state1 -> state2`, and the + * standard taint step `node1 -> node2` should be suppressed. 
*/ private predicate isPosixPathStep( - DataFlow::Node src, DataFlow::Node dst, Label::PosixPath srclabel, Label::PosixPath dstlabel + DataFlow::Node node1, FlowState::PosixPath state1, DataFlow::Node node2, + FlowState::PosixPath state2 ) { // path.normalize() and similar exists(NormalizingPathCall call | - src = call.getInput() and - dst = call.getOutput() and - dstlabel = srclabel.toNormalized() + node1 = call.getInput() and + node2 = call.getOutput() and + state2 = state1.toNormalized() ) or // path.resolve() and similar exists(ResolvingPathCall call | - src = call.getInput() and - dst = call.getOutput() and - dstlabel.isAbsolute() and - dstlabel.isNormalized() + node1 = call.getInput() and + node2 = call.getOutput() and + state2.isAbsolute() and + state2.isNormalized() ) or // path.relative() and similar exists(NormalizingRelativePathCall call | - src = call.getInput() and - dst = call.getOutput() and - dstlabel.isRelative() and - dstlabel.isNormalized() + node1 = call.getInput() and + node2 = call.getOutput() and + state2.isRelative() and + state2.isNormalized() ) or // path.dirname() and similar exists(PreservingPathCall call | - src = call.getInput() and - dst = call.getOutput() and - srclabel = dstlabel + node1 = call.getInput() and + node2 = call.getOutput() and + state1 = state2 ) or // foo.replace(/\./, "") and similar exists(DotRemovingReplaceCall call | - src = call.getInput() and - dst = call.getOutput() and - srclabel.isAbsolute() and - dstlabel.isAbsolute() and - dstlabel.isNormalized() + node1 = call.getInput() and + node2 = call.getOutput() and + state1.isAbsolute() and + state2.isAbsolute() and + state2.isNormalized() ) or // foo.replace(/(\.\.\/)*/, "") and similar exists(DotDotSlashPrefixRemovingReplace call | - src = call.getInput() and - dst = call.getOutput() + node1 = call.getInput() and + node2 = call.getOutput() | - // the 4 possible combinations of normalized + relative for `srclabel`, and the possible values for `dstlabel` in each 
case. - srclabel.isNonNormalized() and srclabel.isRelative() // raw + relative -> any() + // the 4 possible combinations of normalized + relative for `state1`, and the possible values for `state2` in each case. + state1.isNonNormalized() and state1.isRelative() // raw + relative -> any() or - srclabel.isNormalized() and srclabel.isAbsolute() and srclabel = dstlabel // normalized + absolute -> normalized + absolute + state1.isNormalized() and state1.isAbsolute() and state1 = state2 // normalized + absolute -> normalized + absolute or - srclabel.isNonNormalized() and srclabel.isAbsolute() and dstlabel.isAbsolute() // raw + absolute -> raw/normalized + absolute + state1.isNonNormalized() and state1.isAbsolute() and state2.isAbsolute() // raw + absolute -> raw/normalized + absolute // normalized + relative -> none() ) or 
@@ -929,37 +1077,39 @@ module TaintedPath { exists(DataFlow::CallNode join, int n | join = NodeJSLib::Path::moduleMember("join").getACall() | - src = join.getArgument(n) and - dst = join and + node1 = join.getArgument(n) and + node2 = join and ( // If the initial argument is tainted, just normalize it. It can be relative or absolute. n = 0 and - dstlabel = srclabel.toNormalized() + state2 = state1.toNormalized() or // For later arguments, the flow label depends on whether the first argument is absolute or relative. // If in doubt, we assume it is absolute. n > 0 and - srclabel.canContainDotDotSlash() and - dstlabel.isNormalized() and + state1.canContainDotDotSlash() and + state2.isNormalized() and if isRelative(join.getArgument(0).getStringValue()) - then dstlabel.isRelative() - else dstlabel.isAbsolute() + then state2.isRelative() + else state2.isAbsolute() ) ) or // String concatenation - behaves like path.join() except without normalization - exists(DataFlow::Node operator, int n | StringConcatenation::taintStep(src, dst, operator, n) | + exists(DataFlow::Node operator, int n | + StringConcatenation::taintStep(node1, node2, operator, n) + | // use ordinary taint flow for the first operand n = 0 and - srclabel = dstlabel + state1 = state2 or n > 0 and - srclabel.canContainDotDotSlash() and - dstlabel.isNonNormalized() and // The ../ is no longer at the beginning of the string. + state1.canContainDotDotSlash() and + state2.isNonNormalized() and // The ../ is no longer at the beginning of the string. ( if isRelative(StringConcatenation::getOperand(operator, 0).getStringValue()) - then dstlabel.isRelative() - else dstlabel.isAbsolute() + then state2.isRelative() + else state2.isAbsolute() ) ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll index 914c63543f5..ad08ebc5f40 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll 
@@ -8,21 +8,56 @@ */ import javascript -import TaintedPathCustomizations::TaintedPath +private import TaintedPathCustomizations +private import TaintedPathCustomizations::TaintedPath // Materialize flow labels -private class ConcretePosixPath extends Label::PosixPath { +deprecated private class ConcretePosixPath extends Label::PosixPath { ConcretePosixPath() { this = this } } -private class ConcreteSplitPath extends Label::SplitPath { +deprecated private class ConcreteSplitPath extends Label::SplitPath { ConcreteSplitPath() { this = this } } /** * A taint-tracking configuration for reasoning about tainted-path vulnerabilities. */ -class Configuration extends DataFlow::Configuration { +module TaintedPathConfig implements DataFlow::StateConfigSig { + class FlowState = TaintedPath::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + state = source.(Source).getAFlowState() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { state = sink.(Sink).getAFlowState() } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node instanceof Sanitizer and exists(state) + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedPath::isAdditionalFlowStep(node1, state1, node2, state2) + } +} + +/** + * Taint-tracking for reasoning about tainted-path vulnerabilities. + */ +module TaintedPathFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TaintedPathFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "TaintedPath" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll index 5e7ae35dd88..b141feb1409 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionCustomizations.qll @@ -12,12 +12,17 @@ private import semmle.javascript.security.TaintedObjectCustomizations * template object injection vulnerabilities. */ module TemplateObjectInjection { + import semmle.javascript.security.CommonFlowState + /** * A data flow source for template object injection vulnerabilities. */ abstract class Source extends DataFlow::Node { - /** Gets a flow label to associate with this source. */ - abstract DataFlow::FlowLabel getAFlowLabel(); + /** Gets a flow state for which this is a source. */ + FlowState getAFlowState() { result.isTaint() } + + /** DEPRECATED. Use `getAFlowState()` instead */ + deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -31,12 +36,12 @@ module TemplateObjectInjection { abstract class Sanitizer extends DataFlow::Node { } private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source { - override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() } + override FlowState getAFlowState() { result.isTaintedObject() } } /** An active threat-model source, considered as a flow source. */ private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { - override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() } + override FlowState getAFlowState() { result.isTaint() } } /** 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 22bb06e4af3..66e401d40ac 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll 
@@ -14,7 +14,48 @@ private import semmle.javascript.security.TaintedObject /** * A taint tracking configuration for reasoning about template object injection vulnerabilities. */ -class TemplateObjInjectionConfig extends TaintTracking::Configuration { +module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof Sink and state.isTaintedObject() + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintTracking::defaultSanitizer(node) and + state.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + state1.isTaint() and + TaintTracking::defaultTaintStep(node1, node2) and + state1 = state2 + } +} + +/** + * Taint tracking for reasoning about template object injection vulnerabilities. + */ +module TemplateObjectInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead. + */ +deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration { TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll index ad608017115..de09aedce12 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll @@ -23,6 +23,27 @@ module TypeConfusionThroughParameterTampering { */ abstract class Barrier extends DataFlow::Node { } + /** + * A barrier guard for type confusion for HTTP request inputs. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * An HTTP request parameter that the user controls the type of. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll index 9cc09987343..7ca9e9509f5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
@@ -13,19 +13,61 @@ private import semmle.javascript.dataflow.InferredTypes import TypeConfusionThroughParameterTamperingCustomizations::TypeConfusionThroughParameterTampering /** - * A taint tracking configuration for type confusion for HTTP request inputs. + * Data flow configuration for type confusion for HTTP request inputs. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "TypeConfusionThroughParameterTampering" } +module TypeConfusionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink instanceof Sink and sink.analyze().getAType() = TTString() and sink.analyze().getAType() = TTObject() } + predicate isBarrier(DataFlow::Node node) { + node instanceof Barrier or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } +} + +/** + * Data flow for type confusion for HTTP request inputs. 
+ */ +module TypeConfusionFlow = DataFlow::Global; + +private class TypeOfTestBarrier extends BarrierGuard, DataFlow::ValueNode { + override EqualityTest astNode; + + TypeOfTestBarrier() { TaintTracking::isTypeofGuard(astNode, _, _) } + + override predicate blocksExpr(boolean outcome, Expr e) { + exists(string tag | + TaintTracking::isTypeofGuard(astNode, e, tag) and + if tag = ["string", "object"] + then outcome = [true, false] // separation between string/array removes type confusion in both branches + else outcome = astNode.getPolarity() // block flow to branch where value is neither string nor array + ) + } +} + +private class IsArrayBarrier extends BarrierGuard, DataFlow::CallNode { + IsArrayBarrier() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } + + override predicate blocksExpr(boolean outcome, Expr e) { + e = this.getArgument(0).asExpr() and + outcome = [true, false] // separation between string/array removes type confusion in both branches + } +} + +/** + * DEPRECATED. Use the `TypeConfusionFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "TypeConfusionThroughParameterTampering" } + + override predicate isSource(DataFlow::Node source) { TypeConfusionConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TypeConfusionConfig::isSink(sink) } + override predicate isBarrier(DataFlow::Node node) { super.isBarrier(node) or 
@@ -37,27 +79,3 @@ class Configuration extends DataFlow::Configuration { guard instanceof IsArrayBarrier } } - -private class TypeOfTestBarrier extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { - override EqualityTest astNode; - - TypeOfTestBarrier() { TaintTracking::isTypeofGuard(astNode, _, _) } - - override predicate blocks(boolean outcome, Expr e) { - exists(string tag | - TaintTracking::isTypeofGuard(astNode, e, tag) and - if tag = ["string", "object"] - then outcome = [true, false] // separation between string/array removes type confusion in both branches - else outcome = astNode.getPolarity() // block flow to branch where value is neither string nor array - ) - } -} - -private class IsArrayBarrier extends DataFlow::BarrierGuardNode, DataFlow::CallNode { - IsArrayBarrier() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - - override predicate blocks(boolean outcome, Expr e) { - e = this.getArgument(0).asExpr() and - outcome = [true, false] // separation between string/array removes type confusion in both branches - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll index 2c45483f0db..a7580b161ec 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll 
@@ -19,7 +19,30 @@ module UnsafeCodeConstruction { /** * A taint-tracking configuration for reasoning about unsafe code constructed from library input. */ - class Configuration extends TaintTracking::Configuration { + module UnsafeCodeConstructionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CodeInjection::Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // HTML sanitizers are insufficient protection against code injection + node1 = node2.(HtmlSanitizerCall).getInput() + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + } + + /** + * Taint-tracking for reasoning about unsafe code constructed from library input. + */ + module UnsafeCodeConstructionFlow = TaintTracking::Global; + + /** + * DEPRECATED. Use the `UnsafeCodeConstructionFlow` module instead. + */ + deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeCodeConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll index f8afff17b3a..edb3f93fa1b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll 
@@ -12,7 +12,23 @@ import UnsafeDeserializationCustomizations::UnsafeDeserialization /** * A taint-tracking configuration for reasoning about unsafe deserialization. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeDeserializationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about unsafe deserialization. + */ +module UnsafeDeserializationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeDeserializationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDeserialization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll index 3c5cc713e6e..756efb5f3fb 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessCustomizations.qll 
@@ -10,16 +10,50 @@ import semmle.javascript.frameworks.Express import PropertyInjectionShared module UnsafeDynamicMethodAccess { - private import DataFlow::FlowLabel + private newtype TFlowState = + TTaint() or + TUnsafeFunction() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TTaint() and result = "taint" + or + this = TUnsafeFunction() and result = "unsafe-function" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TTaint() and result.isTaint() + or + this = TUnsafeFunction() and result instanceof UnsafeFunction + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** A tainted value. */ + FlowState taint() { result = TTaint() } + + /** A reference to an unsafe function, such as `eval`, obtained by reading from a tainted property name. */ + FlowState unsafeFunction() { result = TUnsafeFunction() } + } /** * A data flow source for unsafe dynamic method access. */ abstract class Source extends DataFlow::Node { /** - * Gets the flow label relevant for this source. + * Gets a flow state relevant for this source. */ - DataFlow::FlowLabel getFlowLabel() { result = taint() } + FlowState getAFlowState() { result = FlowState::taint() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** 
@@ -27,9 +61,12 @@ module UnsafeDynamicMethodAccess { */ abstract class Sink extends DataFlow::Node { /** - * Gets the flow label relevant for this sink + * Gets a flow state relevant for this sink. */ - abstract DataFlow::FlowLabel getFlowLabel(); + FlowState getAFlowState() { result = FlowState::taint() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -38,16 +75,20 @@ module UnsafeDynamicMethodAccess { abstract class Sanitizer extends DataFlow::Node { } /** + * DEPRECATED. Use `FlowState::unsafeFunction()` instead. + * * Gets the flow label describing values that may refer to an unsafe * function as a result of an attacker-controlled property name. */ - UnsafeFunction unsafeFunction() { any() } + deprecated UnsafeFunction unsafeFunction() { any() } /** + * DEPRECATED. Use `FlowState::unsafeFunction()` instead. + * * A flow label describing values that may refer to an unsafe * function as a result of an attacker-controlled property name. */ - abstract class UnsafeFunction extends DataFlow::FlowLabel { + abstract deprecated class UnsafeFunction extends DataFlow::FlowLabel { UnsafeFunction() { this = "UnsafeFunction" } } @@ -67,6 +108,6 @@ module UnsafeDynamicMethodAccess { class CalleeAsSink extends Sink { CalleeAsSink() { this = any(DataFlow::InvokeNode node).getCalleeNode() } - override DataFlow::FlowLabel getFlowLabel() { result = unsafeFunction() } + override FlowState getAFlowState() { result = FlowState::unsafeFunction() } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 9ebe36a7cb8..86a225f894a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll 
@@ -9,35 +9,97 @@ import javascript import PropertyInjectionShared -private import DataFlow::FlowLabel import UnsafeDynamicMethodAccessCustomizations::UnsafeDynamicMethodAccess +private import UnsafeDynamicMethodAccessCustomizations::UnsafeDynamicMethodAccess as UnsafeDynamicMethodAccess // Materialize flow labels -private class ConcreteUnsafeFunction extends UnsafeFunction { +deprecated private class ConcreteUnsafeFunction extends UnsafeFunction { ConcreteUnsafeFunction() { this = this } } /** * A taint-tracking configuration for reasoning about unsafe dynamic method access. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { + class FlowState = UnsafeDynamicMethodAccess::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { sink.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer + or + exists(StringConcatenation::getOperand(node, _)) and + not StringConcatenation::isCoercion(node) + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintTracking::defaultSanitizer(node) and + state = FlowState::taint() + } + + /** An additional flow step for use in both this configuration and the legacy configuration. 
*/ + additional predicate additionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + // Reading a property of the global object or of a function + exists(DataFlow::PropRead read | + PropertyInjection::hasUnsafeMethods(read.getBase().getALocalSource()) and + node1 = read.getPropertyNameExpr().flow() and + node2 = read and + state1 = FlowState::taint() and + state2 = FlowState::unsafeFunction() + ) + or + // Reading a chain of properties from any object with a prototype can lead to Function + exists(PropertyProjection proj | + not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and + node1 = proj.getASelector() and + node2 = proj and + state1 = FlowState::taint() and + state2 = FlowState::unsafeFunction() + ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + additionalFlowStep(node1, state1, node2, state2) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + state1 = FlowState::taint() and + TaintTracking::defaultTaintStep(node1, node2) and + state1 = state2 + } +} + +/** + * Taint-tracking for reasoning about unsafe dynamic method access. + */ +module UnsafeDynamicMethodAccessFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnsafeDynamicMethodAccessFlow` module instead. 
+ */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDynamicMethodAccess" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getFlowLabel() = label + UnsafeDynamicMethodAccessConfig::isSource(source, FlowState::fromFlowLabel(label)) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getFlowLabel() = label + UnsafeDynamicMethodAccessConfig::isSink(sink, FlowState::fromFlowLabel(label)) } override predicate isSanitizer(DataFlow::Node node) { super.isSanitizer(node) or - node instanceof Sanitizer - or - exists(StringConcatenation::getOperand(node, _)) and - not StringConcatenation::isCoercion(node) + UnsafeDynamicMethodAccessConfig::isBarrier(node) } /** @@ -51,22 +113,7 @@ class Configuration extends TaintTracking::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - // Reading a property of the global object or of a function - exists(DataFlow::PropRead read | - this.hasUnsafeMethods(read.getBase().getALocalSource()) and - src = read.getPropertyNameExpr().flow() and - dst = read and - srclabel.isTaint() and - dstlabel = unsafeFunction() - ) - or - // Reading a chain of properties from any object with a prototype can lead to Function - exists(PropertyProjection proj | - not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and - src = proj.getASelector() and - dst = proj and - srclabel.isTaint() and - dstlabel = unsafeFunction() - ) + UnsafeDynamicMethodAccessConfig::additionalFlowStep(src, FlowState::fromFlowLabel(srclabel), + dst, FlowState::fromFlowLabel(dstlabel)) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll index 90579211a3f..06bad34b80c 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll @@ -13,6 +13,7 @@ module UnsafeHtmlConstruction { private import semmle.javascript.security.dataflow.DomBasedXssCustomizations::DomBasedXss as DomBasedXss private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin as UnsafeJQueryPlugin private import semmle.javascript.PackageExports as Exports + import semmle.javascript.security.CommonFlowState /** * A source for unsafe HTML constructed from library input. 
@@ -61,6 +62,41 @@ module UnsafeHtmlConstruction { abstract string describe(); } + /** + * A barrier guard for unsafe HTML constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** * A sink for `js/html-constructed-from-input` that constructs some HTML where * that HTML is later used in `xssSink`. 
@@ -176,17 +212,17 @@ module UnsafeHtmlConstruction { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ - class TypeTestGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class TypeTestGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { polarity = outcome and e = operand and - lbl.isTaint() + state.isTaint() } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll index e6e65e2089d..700c47565fc 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll 
@@ -15,7 +15,62 @@ deprecated class Configration = Configuration; /** * A taint-tracking configuration for reasoning about unsafe HTML constructed from library input vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeHtmlConstructionConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof Source and + state = [FlowState::taintedObject(), FlowState::taint()] + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof Sink and + state = FlowState::taint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer + or + node instanceof UnsafeJQueryPlugin::Sanitizer + or + DomBasedXss::isOptionallySanitizedNode(node) + or + node = Shared::BarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintTracking::defaultSanitizer(node) and state.isTaint() + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2) + or + // property read from a tainted object is considered tainted + node2.(DataFlow::PropRead).getBase() = node1 and + state1.isTaintedObject() and + state2.isTaint() + or + TaintTracking::defaultTaintStep(node1, node2) and + state1.isTaint() and + state2 = state1 + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about unsafe HTML constructed from library input vulnerabilities. + */ +module UnsafeHtmlConstructionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnsafeHtmlConstructionFlow` module instead. 
+ */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeHtmlConstruction" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -68,11 +123,10 @@ class Configuration extends TaintTracking::Configuration { private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll index d1e35a91c26..3fb2827707e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll @@ -9,8 +9,6 @@ private import semmle.javascript.dataflow.InferredTypes import semmle.javascript.security.dataflow.DomBasedXssCustomizations module UnsafeJQueryPlugin { - private import DataFlow::FlowLabel - /** * A data flow source for unsafe jQuery plugins. */ 
@@ -31,6 +29,27 @@ module UnsafeJQueryPlugin { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for XSS in unsafe jQuery plugins. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * The receiver of a function, seen as a sanitizer. * @@ -110,7 +129,7 @@ module UnsafeJQueryPlugin { /** * An expression of form `isElement(x)`, which sanitizes `x`. */ - class IsElementSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class IsElementSanitizer extends BarrierGuard, DataFlow::CallNode { IsElementSanitizer() { // common ad hoc sanitizing calls exists(string name | this.getCalleeName() = name | @@ -118,7 +137,7 @@ module UnsafeJQueryPlugin { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } @@ -126,7 +145,7 @@ module UnsafeJQueryPlugin { /** * An expression like `typeof x. !== "undefined"` or `x.`, which sanitizes `x`, as it is unlikely to be a string afterwards. */ - class PropertyPresenceSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class PropertyPresenceSanitizer extends BarrierGuard, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; 
@@ -155,20 +174,20 @@ module UnsafeJQueryPlugin { */ DataFlow::PropRead getPropRead() { result = this } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuard instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll index e4b70c176cc..61bb129aa37 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll 
@@ -10,7 +10,43 @@ import UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin /** * A taint-tracking configuration for reasoning about XSS in unsafe jQuery plugins. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig { + // Note: This query currently misses some results due to two issues: + // - PropertyPresenceSanitizer blocks values in a content + // - localFieldStep has been omitted for performance reaons + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node sink) { + aliasPropertyPresenceStep(node1, sink) + } + + predicate isBarrierOut(DataFlow::Node node) { + // prefixing prevents forced html/css confusion: + // prefixing through concatenation: + StringConcatenation::taintStep(node, _, _, any(int i | i >= 1)) + or + // prefixing through a poor-mans templating system: + node = any(StringReplaceCall call).getRawReplacement() + } +} + +/** + * Taint-tracking for reasoning about XSS in unsafe jQuery plugins. + */ +module UnsafeJQueryPluginFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeJQueryPluginFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeJQueryPlugin" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll index 8e753a5ef63..e65fac9530d 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll @@ -46,6 +46,27 @@ module UnsafeShellCommandConstruction { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for shell command constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * A parameter of an exported function, seen as a source for shell command constructed from library input. */ 
@@ -270,13 +291,13 @@ module UnsafeShellCommandConstruction { * A sanitizer that sanitizers paths that exist in the file-system. * For example: `x` is sanitized in `fs.existsSync(x)` or `fs.existsSync(x + "/suffix/path")`. */ - class PathExistsSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class PathExistsSanitizerGuard extends BarrierGuard, DataFlow::CallNode { PathExistsSanitizerGuard() { this = DataFlow::moduleMember("path", "exist").getACall() or this = DataFlow::moduleMember("fs", "existsSync").getACall() } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and ( e = this.getArgument(0).asExpr() or @@ -289,26 +310,26 @@ module UnsafeShellCommandConstruction { * A guard of the form `typeof x === ""`, where `` is "number", or "boolean", * which sanitizes `x` in its "then" branch. */ - class TypeOfSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class TypeOfSanitizer extends BarrierGuard, DataFlow::ValueNode { Expr x; override EqualityTest astNode; TypeOfSanitizer() { TaintTracking::isTypeofGuard(astNode, x, ["number", "boolean"]) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = astNode.getPolarity() and e = x } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuard instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } private import semmle.javascript.dataflow.internal.AccessPaths 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll index 7d5dae90209..54fa18795d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll @@ -13,7 +13,30 @@ import UnsafeShellCommandConstructionCustomizations::UnsafeShellCommandConstruct /** * A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about shell command constructed from library input vulnerabilities. + */ +module UnsafeShellCommandConstructionFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeShellCommandConstructionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeShellCommandConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll index 73b9d9fc52d..e516167a30b 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll 
@@ -10,16 +10,62 @@ import PropertyInjectionShared private import semmle.javascript.dataflow.InferredTypes module UnvalidatedDynamicMethodCall { - private import DataFlow::FlowLabel + private newtype TFlowState = + TTaint() or + TMaybeNonFunction() or + TMaybeFromProto() + + /** A flow state to associate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation fo this flow state */ + string toString() { + this = TTaint() and result = "taint" + or + this = TMaybeNonFunction() and result = "maybe-non-function" + or + this = TMaybeFromProto() and result = "maybe-from-proto" + } + + /** Gets the corresponding flow label. */ + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TTaint() and result.isTaint() + or + this = TMaybeNonFunction() and result instanceof MaybeNonFunction + or + this = TMaybeFromProto() and result instanceof MaybeFromProto + } + } + + /** Predicates for working with flow states. */ + module FlowState { + /** Gets the flow state corresponding to `label`. */ + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** A tainted value. */ + FlowState taint() { result = TTaint() } + + /** + * A non-function value, obtained by reading from a tainted property name. + */ + FlowState maybeNonFunction() { result = TMaybeNonFunction() } + + /** + * A value obtained from a prototype object while reading from a tainted property name. + */ + FlowState maybeFromProto() { result = TMaybeFromProto() } + } /** * A data flow source for unvalidated dynamic method calls. */ abstract class Source extends DataFlow::Node { /** - * Gets the flow label relevant for this source. + * Gets the flow state relevant for this source. */ - DataFlow::FlowLabel getFlowLabel() { result = taint() } + FlowState getAFlowState() { result = FlowState::taint() } + + /** DEPRECATED. Use `getAFlowState()` instead. 
*/ + deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -27,9 +73,12 @@ module UnvalidatedDynamicMethodCall { */ abstract class Sink extends DataFlow::Node { /** - * Gets the flow label relevant for this sink + * Gets the flow state relevant for this sink */ - abstract DataFlow::FlowLabel getFlowLabel(); + FlowState getAFlowState() { result = FlowState::taint() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } } /** @@ -37,9 +86,12 @@ module UnvalidatedDynamicMethodCall { */ abstract class Sanitizer extends DataFlow::Node { /** - * Gets the flow label blocked by this sanitizer. + * Gets a flow state blocked by this sanitizer. */ - DataFlow::FlowLabel getFlowLabel() { result.isTaint() } + FlowState getAFlowState() { result = FlowState::taint() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } /** * DEPRECATED. Use sanitizer nodes instead. 
@@ -54,11 +106,46 @@ module UnvalidatedDynamicMethodCall { } } + /** + * A barrier guard for unvalidated dynamic method calls. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, FlowState::fromFlowLabel(label)) + } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + BarrierGuard.super.sanitizes(outcome, e, label) + } + } + /** * A flow label describing values read from a user-controlled property that * may not be functions. */ - abstract class MaybeNonFunction extends DataFlow::FlowLabel { + abstract deprecated class MaybeNonFunction extends DataFlow::FlowLabel { MaybeNonFunction() { this = "MaybeNonFunction" } } 
@@ -66,7 +153,7 @@ module UnvalidatedDynamicMethodCall { * A flow label describing values read from a user-controlled property that * may originate from a prototype object. */ - abstract class MaybeFromProto extends DataFlow::FlowLabel { + abstract deprecated class MaybeFromProto extends DataFlow::FlowLabel { MaybeFromProto() { this = "MaybeFromProto" } } @@ -95,18 +182,22 @@ module UnvalidatedDynamicMethodCall { exists(InvokeExpr invk | this = invk.getCallee().flow() and // don't flag invocations inside a try-catch - not invk.getASuccessor() instanceof CatchClause + not invk.getASuccessor() instanceof CatchClause and + // Filter out `foo.bar()` calls as they usually aren't interesting. + // Technically this could be reachable if preceded by `foo.bar = obj[taint]` + // but such sinks are more likely to be FPs and also slow down the query. + not invk.getCallee() instanceof DotExpr ) } - override DataFlow::FlowLabel getFlowLabel() { - result instanceof MaybeNonFunction and + override FlowState getAFlowState() { + result = FlowState::maybeNonFunction() and // don't flag if the type inference can prove that it is a function; // this complements the `FunctionCheck` sanitizer below: the type inference can // detect more checks locally, but doesn't provide inter-procedural reasoning this.analyze().getAType() != TTFunction() or - result instanceof MaybeFromProto + result = FlowState::maybeFromProto() } } 
@@ -114,26 +205,26 @@ module UnvalidatedDynamicMethodCall { * A check of the form `typeof x === 'function'`, which sanitizes away the `MaybeNonFunction` * taint kind. */ - class FunctionCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class FunctionCheck extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; FunctionCheck() { TaintTracking::isTypeofGuard(astNode, operand, "function") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { outcome = astNode.getPolarity() and e = operand and - label instanceof MaybeNonFunction + state = FlowState::maybeNonFunction() } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuard instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll index 921ab7f88e2..399d4852cc5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll 
@@ -13,21 +13,96 @@ import semmle.javascript.frameworks.Express import PropertyInjectionShared private import semmle.javascript.dataflow.InferredTypes import UnvalidatedDynamicMethodCallCustomizations::UnvalidatedDynamicMethodCall -private import DataFlow::FlowLabel +private import UnvalidatedDynamicMethodCallCustomizations::UnvalidatedDynamicMethodCall as UnvalidatedDynamicMethodCall // Materialize flow labels -private class ConcreteMaybeNonFunction extends MaybeNonFunction { +deprecated private class ConcreteMaybeNonFunction extends MaybeNonFunction { ConcreteMaybeNonFunction() { this = this } } -private class ConcreteMaybeFromProto extends MaybeFromProto { +deprecated private class ConcreteMaybeFromProto extends MaybeFromProto { ConcreteMaybeFromProto() { this = this } } +/** Gets a data flow node referring to an instance of `Map`. */ +private DataFlow::SourceNode mapObject(DataFlow::TypeTracker t) { + t.start() and + result = DataFlow::globalVarRef("Map").getAnInstantiation() + or + exists(DataFlow::TypeTracker t2 | result = mapObject(t2).track(t2, t)) +} + +/** Gets a data flow node referring to an instance of `Map`. */ +private DataFlow::SourceNode mapObject() { result = mapObject(DataFlow::TypeTracker::end()) } + /** * A taint-tracking configuration for reasoning about unvalidated dynamic method calls. 
*/ -class Configuration extends TaintTracking::Configuration { +module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig { + class FlowState = UnvalidatedDynamicMethodCall::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source.(Source).getAFlowState() = state + } + + predicate isSink(DataFlow::Node sink, FlowState state) { sink.(Sink).getAFlowState() = state } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node.(Sanitizer).getAFlowState() = state + or + TaintTracking::defaultSanitizer(node) and + state = FlowState::taint() + or + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + exists(DataFlow::PropRead read | + node1 = read.getPropertyNameExpr().flow() and + node2 = read and + state1 = FlowState::taint() and + ( + state2 = FlowState::maybeNonFunction() + or + // a property of `Object.create(null)` cannot come from a prototype + not PropertyInjection::isPrototypeLessObject(read.getBase().getALocalSource()) and + state2 = FlowState::maybeFromProto() + ) and + // avoid overlapping results with unsafe dynamic method access query + not PropertyInjection::hasUnsafeMethods(read.getBase().getALocalSource()) + ) + or + exists(DataFlow::CallNode get | + get = mapObject().getAMethodCall("get") and + get.getNumArgument() = 1 and + node1 = get.getArgument(0) and + node2 = get + ) and + state1 = FlowState::taint() and + state2 = FlowState::maybeNonFunction() + or + state1 = FlowState::taint() and + TaintTracking::defaultTaintStep(node1, node2) and + state1 = state2 + } +} + +/** + * Taint-tracking for reasoning about unvalidated dynamic method calls. + */ +module UnvalidatedDynamicMethodCallFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. 
Use the `UnvalidatedDynamicMethodCallFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnvalidatedDynamicMethodCall" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -53,26 +128,7 @@ class Configuration extends TaintTracking::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - exists(DataFlow::PropRead read | - src = read.getPropertyNameExpr().flow() and - dst = read and - srclabel.isTaint() and - ( - dstlabel instanceof MaybeNonFunction - or - // a property of `Object.create(null)` cannot come from a prototype - not PropertyInjection::isPrototypeLessObject(read.getBase().getALocalSource()) and - dstlabel instanceof MaybeFromProto - ) and - // avoid overlapping results with unsafe dynamic method access query - not PropertyInjection::hasUnsafeMethods(read.getBase().getALocalSource()) - ) - or - exists(DataFlow::SourceNode base, DataFlow::CallNode get | get = base.getAMethodCall("get") | - src = get.getArgument(0) and - dst = get - ) and - srclabel.isTaint() and - dstlabel instanceof MaybeNonFunction + UnvalidatedDynamicMethodCallConfig::isAdditionalFlowStep(src, + FlowState::fromFlowLabel(srclabel), dst, FlowState::fromFlowLabel(dstlabel)) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll index fe036872ee3..81b7be46cb2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll 
@@ -100,11 +100,27 @@ predicate hostnameSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sin /** * A check that sanitizes the hostname of a URL. */ -class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith { +class HostnameSanitizerGuard extends StringOps::StartsWith { HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) } - override predicate sanitizes(boolean outcome, Expr e) { + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity() and e = this.getBaseString().asExpr() } } + +deprecated private class HostnameSanitizerGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof HostnameSanitizerGuard +{ + override predicate sanitizes(boolean outcome, Expr e) { + HostnameSanitizerGuard.super.sanitizes(outcome, e) + } +} + +/** + * A check that sanitizes the hostname of a URL. + */ +module HostnameSanitizerGuard = DataFlow::MakeBarrierGuard; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll index 951b927f86e..e6ff29f81c5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll 
@@ -13,7 +13,23 @@ import XmlBombCustomizations::XmlBomb /** * A taint-tracking configuration for reasoning about XML-bomb vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XmlBombConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XML-bomb vulnerabilities. + */ +module XmlBombFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XmlBombFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XmlBomb" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll index 08e84e834d0..9016c19bd9e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll 
@@ -14,7 +14,23 @@ import XpathInjectionCustomizations::XpathInjection /** * A taint-tracking configuration for untrusted user input used in XPath expression. */ -class Configuration extends TaintTracking::Configuration { +module XpathInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in XPath expression. + */ +module XpathInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XpathInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XpathInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index a0def5b7b74..0d17c9d8494 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll 
@@ -71,10 +71,36 @@ module Shared { private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml + /** + * A barrier guard that applies to multiple XSS queries. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** + * A barrier guard that applies to multiple XSS queries. + */ + module BarrierGuard = DataFlow::MakeBarrierGuard; + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * A guard that checks if a string can contain quotes, which is a guard for strings that are inside an HTML attribute. */ - abstract class QuoteGuard extends TaintTracking::SanitizerGuardNode, StringOps::Includes { + class QuoteGuard extends BarrierGuard, StringOps::Includes { QuoteGuard() { this.getSubstring().mayHaveStringValue("\"") and this.getBaseString() @@ -82,7 +108,7 @@ module Shared { .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat)) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getBaseString().getEnclosingExpr() and outcome = this.getPolarity().booleanNot() } } 
@@ -91,7 +117,7 @@ module Shared { * A sanitizer guard that checks for the existence of HTML chars in a string. * E.g. `/["'&<>]/.exec(str)`. */ - abstract class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, StringOps::RegExpTest { + class ContainsHtmlGuard extends BarrierGuard, StringOps::RegExpTest { ContainsHtmlGuard() { exists(RegExpCharacterClass regExp | regExp = this.getRegExp() and @@ -99,7 +125,7 @@ module Shared { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity().booleanNot() and e = this.getStringOperand().asExpr() } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll index bf38b2e2a5d..95f02768456 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll 
@@ -16,6 +16,27 @@ module XssThroughDom { /** A data flow source for XSS through DOM vulnerabilities. */ abstract class Source extends Shared::Source { } + /** + * A barrier guard for XSS through the DOM. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * Gets an attribute name that could store user-controlled data. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll index cc75078fd67..74a840b05b2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll 
@@ -11,7 +11,43 @@ private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizati /** * A taint-tracking configuration for reasoning about XSS through the DOM. */ -class Configuration extends TaintTracking::Configuration { +module XssThroughDomConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + DomBasedXss::isOptionallySanitizedNode(node) or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = Shared::BarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node2 = DataFlow::globalVarRef("URL").getAMemberCall("createObjectURL") and + node1 = node2.(DataFlow::InvokeNode).getArgument(0) + } +} + +/** + * Taint-tracking configuration for reasoning about XSS through the DOM. + */ +module XssThroughDomFlow = TaintTracking::Global; + +/** + * Holds if the `source,sink` pair should not be reported. + */ +bindingset[source, sink] +predicate isIgnoredSourceSinkPair(Source source, DomBasedXss::Sink sink) { + source.(DomPropertySource).getPropertyName() = "src" and + sink instanceof DomBasedXss::WriteUrlSink +} + +/** + * DEPRECATED. Use the `XssThroughDomFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XssThroughDOM" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
@@ -49,14 +85,14 @@ class Configuration extends TaintTracking::Configuration { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ -class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class TypeTestGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { polarity = outcome and e = operand } @@ -64,21 +100,18 @@ class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNo private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode, - DomBasedXss::PrefixStringSanitizer -{ +private class PrefixStringSanitizer extends DomBasedXss::PrefixStringSanitizer { PrefixStringSanitizer() { this = this } } -private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString { +deprecated private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString { PrefixString() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll index 82d3fb4f6cc..c82289b28bc 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll 
@@ -13,7 +13,23 @@ import XxeCustomizations::Xxe /** * A taint-tracking configuration for reasoning about XXE vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XxeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XXE vulnerabilities. + */ +module XxeFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XxeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "Xxe" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipCustomizations.qll index 1cb58609d13..01e40fd5dbf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipCustomizations.qll @@ -14,7 +14,12 @@ module ZipSlip { */ abstract class Source extends DataFlow::Node { /** Gets a flow label denoting the type of value for which this is a source. */ - TaintedPath::Label::PosixPath getAFlowLabel() { result.isRelative() } + TaintedPath::FlowState::PosixPath getAFlowState() { result.isRelative() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated TaintedPath::Label::PosixPath getAFlowLabel() { + result = this.getAFlowState().toFlowLabel() + } } /** 
@@ -22,7 +27,12 @@ module ZipSlip { */ abstract class Sink extends DataFlow::Node { /** Gets a flow label denoting the type of value for which this is a sink. */ - TaintedPath::Label::PosixPath getAFlowLabel() { any() } + TaintedPath::FlowState::PosixPath getAFlowState() { any() } + + /** DEPRECATED. Use `getAFlowState()` instead. */ + deprecated TaintedPath::Label::PosixPath getAFlowLabel() { + result = this.getAFlowState().toFlowLabel() + } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll index 9aad934759d..39c18429fde 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll 
@@ -11,16 +11,46 @@ import javascript import ZipSlipCustomizations::ZipSlip // Materialize flow labels -private class ConcretePosixPath extends TaintedPath::Label::PosixPath { +deprecated private class ConcretePosixPath extends TaintedPath::Label::PosixPath { ConcretePosixPath() { this = this } } -private class ConcreteSplitPath extends TaintedPath::Label::SplitPath { +deprecated private class ConcreteSplitPath extends TaintedPath::Label::SplitPath { ConcreteSplitPath() { this = this } } /** A taint tracking configuration for unsafe archive extraction. */ -class Configuration extends DataFlow::Configuration { +module ZipSlipConfig implements DataFlow::StateConfigSig { + class FlowState = TaintedPath::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + state = source.(Source).getAFlowState() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { state = sink.(Sink).getAFlowState() } + + predicate isBarrier(DataFlow::Node node) { + node instanceof TaintedPath::Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = + DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedPath::isAdditionalFlowStep(node1, state1, node2, state2) + } +} + +/** A taint tracking configuration for unsafe archive extraction. */ +module ZipSlipFlow = DataFlow::GlobalWithState; + +/** A taint tracking configuration for unsafe archive extraction. */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "ZipSlip" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
@@ -44,6 +74,7 @@ class Configuration extends DataFlow::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - TaintedPath::isAdditionalTaintedPathFlowStep(src, dst, srclabel, dstlabel) + ZipSlipConfig::isAdditionalFlowStep(src, TaintedPath::FlowState::fromFlowLabel(srclabel), dst, + TaintedPath::FlowState::fromFlowLabel(dstlabel)) } } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll index 30bd36c124e..dce63894f8b 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll @@ -46,6 +46,27 @@ module PolynomialReDoS { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for polynomial regular expression denial-of-service attacks. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** DEPRECATED. Use `blocksExpr` instead. */ + deprecated predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + deprecated final private class BarrierGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BarrierGuard + { + override predicate sanitizes(boolean outcome, Expr e) { + BarrierGuard.super.sanitizes(outcome, e) + } + } + /** * A remote input to a server, seen as a source for polynomial * regular expression denial-of-service vulnerabilities. 
@@ -118,7 +139,7 @@ module PolynomialReDoS { /** * An check on the length of a string, seen as a sanitizer guard. */ - class LengthGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class LengthGuard extends BarrierGuard, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; @@ -133,7 +154,7 @@ module PolynomialReDoS { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index f8675bde3f2..8b21f8e98b3 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll 
@@ -11,7 +11,29 @@ import javascript import PolynomialReDoSCustomizations::PolynomialReDoS /** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */ -class Configuration extends TaintTracking::Configuration { +module PolynomialReDoSConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { none() } + + int fieldFlowBranchLimit() { result = 1 } // library inputs are too expensive on some projects +} + +/** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ +module PolynomialReDoSFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PolynomialReDoSFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PolynomialReDoS" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/utils/test/ConsistencyChecking.qll b/javascript/ql/lib/utils/test/ConsistencyChecking.qll index 3c30f8accb2..f614a93500d 100644 --- a/javascript/ql/lib/utils/test/ConsistencyChecking.qll +++ b/javascript/ql/lib/utils/test/ConsistencyChecking.qll @@ -1,3 +1,9 @@ +/** + * DEPRECATED, but can be imported with a `deprecated import`. + * + * Will be replaced with standardized inline test expectations in the future. + */ + import javascript /** 
@@ -7,7 +13,7 @@ import javascript * * If no configuration is specified, then the default is that the all sinks from a `DataFlow::Configuration` are alerts, and all files are consistency-checked. */ -abstract class ConsistencyConfiguration extends string { +abstract deprecated class ConsistencyConfiguration extends string { bindingset[this] ConsistencyConfiguration() { any() } @@ -30,7 +36,7 @@ abstract class ConsistencyConfiguration extends string { * * Is used internally to match a configuration or lack thereof. */ -final private class Conf extends string { +deprecated final private class Conf extends string { Conf() { this instanceof ConsistencyConfiguration or @@ -40,10 +46,10 @@ final private class Conf extends string { } /** - * A line-comment that asserts whether a result exists at that line or not. + * A comment that asserts whether a result exists at that line or not. * Can optionally include `[INCONSISTENCY]` to indicate that a consistency issue is expected at the location */ -private class AssertionComment extends LineComment { +private class AssertionComment extends Comment { boolean shouldHaveAlert; AssertionComment() { @@ -65,12 +71,14 @@ private class AssertionComment extends LineComment { predicate expectConsistencyError() { this.getText().matches("%[INCONSISTENCY]%") } } -private DataFlow::Node getASink() { exists(DataFlow::Configuration cfg | cfg.hasFlow(_, result)) } +deprecated private DataFlow::Node getASink() { + exists(DataFlow::Configuration cfg | cfg.hasFlow(_, result)) +} /** * Gets all the alerts for consistency consistency checking from a configuration `conf`. */ -private DataFlow::Node alerts(Conf conf) { +deprecated private DataFlow::Node alerts(Conf conf) { result = conf.(ConsistencyConfiguration).getAnAlert() or not exists(ConsistencyConfiguration r) and 
@@ -83,7 +91,7 @@ private DataFlow::Node alerts(Conf conf) { * The `line` can be either the first or the last line of the alert. * And if no expression exists at `line`, then an alert on the next line is used. */ -private DataFlow::Node getAlert(File file, int line, Conf conf) { +deprecated private DataFlow::Node getAlert(File file, int line, Conf conf) { result = alerts(conf) and result.getFile() = file and (result.hasLocationInfo(_, _, _, line, _) or result.hasLocationInfo(_, line, _, _, _)) @@ -108,7 +116,7 @@ private AssertionComment getComment(File file, int line) { /** * Holds if there is a false positive in `file` at `line` for configuration `conf`. */ -private predicate falsePositive(File file, int line, AssertionComment comment, Conf conf) { +deprecated private predicate falsePositive(File file, int line, AssertionComment comment, Conf conf) { exists(getAlert(file, line, conf)) and comment = getComment(file, line) and not comment.shouldHaveAlert() @@ -117,7 +125,7 @@ private predicate falsePositive(File file, int line, AssertionComment comment, C /** * Holds if there is a false negative in `file` at `line` for configuration `conf`. */ -private predicate falseNegative(File file, int line, AssertionComment comment, Conf conf) { +deprecated private predicate falseNegative(File file, int line, AssertionComment comment, Conf conf) { not exists(getAlert(file, line, conf)) and comment = getComment(file, line) and comment.shouldHaveAlert() @@ -126,10 +134,10 @@ private predicate falseNegative(File file, int line, AssertionComment comment, C /** * Gets a file that should be included for consistency checking for configuration `conf`. */ -private File getATestFile(string conf) { +deprecated private File getATestFile(string conf) { not exists(any(ConsistencyConfiguration res).getAFile()) and result = any(LineComment comment).getFile() and - conf = "" + (conf = "" or conf instanceof ConsistencyConfiguration) or result = conf.(ConsistencyConfiguration).getAFile() } 
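Review bot: `getATestFile` still picks files with `result = any(LineComment comment).getFile()`, while `AssertionComment` was widened from `LineComment` to `Comment` earlier in this file. A test file whose assertions are all block comments is never returned here, and since `consistencyIssue` only looks at `file = getATestFile(conf)`, its missing or unexpected alerts go unreported. Use `any(Comment comment).getFile()` (or `any(AssertionComment c).getFile()`) so the file selection matches the new comment class.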
@@ -139,7 +147,7 @@ private File getATestFile(string conf) { * Or the empty string */ bindingset[file, line] -private string getSinkDescription(File file, int line, Conf conf) { +deprecated private string getSinkDescription(File file, int line, Conf conf) { not exists(DataFlow::Configuration c | c.hasFlow(_, getAlert(file, line, conf))) and result = "" or @@ -153,7 +161,9 @@ private string getSinkDescription(File file, int line, Conf conf) { * The consistency issue an unexpected false positive/negative. * Or that false positive/negative was expected, and none were found. */ -query predicate consistencyIssue(string location, string msg, string commentText, Conf conf) { +deprecated query predicate consistencyIssue( + string location, string msg, string commentText, Conf conf +) { exists(File file, int line | file = getATestFile(conf) and location = file.getRelativePath() + ":" + line | diff --git a/javascript/ql/lib/utils/test/InlineFlowTest.qll b/javascript/ql/lib/utils/test/InlineFlowTest.qll new file mode 100644 index 00000000000..567043f4b52 --- /dev/null +++ b/javascript/ql/lib/utils/test/InlineFlowTest.qll 
@@ -0,0 +1,25 @@ +/** + * Inline flow tests for JavaScript. + * See `shared/util/codeql/dataflow/test/InlineFlowTest.qll` + */ + +private import javascript +private import semmle.javascript.Locations +private import codeql.dataflow.test.InlineFlowTest +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowArg +private import semmle.javascript.frameworks.data.internal.ApiGraphModelsExtensions as ApiGraphModelsExtensions +private import internal.InlineExpectationsTestImpl + +private module FlowTestImpl implements InputSig { + import utils.test.InlineFlowTestUtil + + bindingset[src, sink] + string getArgString(DataFlow::Node src, DataFlow::Node sink) { + (if exists(getSourceArgString(src)) then result = getSourceArgString(src) else result = "") and + exists(sink) + } + + predicate interpretModelForTest = ApiGraphModelsExtensions::interpretModelForTest/2; +} + +import InlineFlowTestMake diff --git a/javascript/ql/lib/utils/test/InlineFlowTestUtil.qll b/javascript/ql/lib/utils/test/InlineFlowTestUtil.qll new file mode 100644 index 00000000000..4072e4dd9e6 --- /dev/null +++ b/javascript/ql/lib/utils/test/InlineFlowTestUtil.qll @@ -0,0 +1,21 @@ +/** + * Defines the default source and sink recognition for `InlineFlowTest.qll`. + * + * We reuse these predicates in some type-tracking tests that don't wish to bring in the + * test configuration from `InlineFlowTest`. + */ + +private import javascript + +predicate defaultSource(DataFlow::Node src) { src.(DataFlow::CallNode).getCalleeName() = "source" } + +predicate defaultSink(DataFlow::Node sink) { + exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | sink = call.getAnArgument()) +} + +bindingset[src] +string getSourceArgString(DataFlow::Node src) { + src.(DataFlow::CallNode).getAnArgument().getStringValue() = result + or + src.(DataFlow::ParameterNode).getName() = result +} 
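Review bot: in `getSourceArgString` (InlineFlowTestUtil.qll), `src.(DataFlow::CallNode).getAnArgument().getStringValue() = result` matches every string argument, so a call such as `source("a", "b")` yields two results and `getArgString` in InlineFlowTest.qll then holds for both. If only the first argument is meant to label the source, use `getArgument(0)`. The three public predicates `defaultSource`, `defaultSink` and `getSourceArgString` also have no QLDoc; a one-line comment on each would document the `source(...)` / `sink(...)` naming convention that the tests depend on.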
diff --git a/javascript/ql/lib/utils/test/InlineSummaries.qll b/javascript/ql/lib/utils/test/InlineSummaries.qll new file mode 100644 index 00000000000..559f1360977 --- /dev/null +++ b/javascript/ql/lib/utils/test/InlineSummaries.qll @@ -0,0 +1,37 @@ +import javascript +import semmle.javascript.dataflow.FlowSummary + +class MkSummary extends SummarizedCallable { + private CallExpr mkSummary; + + MkSummary() { + mkSummary.getCalleeName() = "mkSummary" and + this = + "mkSummary at " + mkSummary.getFile().getRelativePath() + ":" + + mkSummary.getLocation().getStartLine() + } + + override DataFlow::InvokeNode getACallSimple() { + result = mkSummary.flow().(DataFlow::CallNode).getAnInvocation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // mkSummary(input, output) + input = mkSummary.getArgument(0).getStringValue() and + output = mkSummary.getArgument(1).getStringValue() + or + // mkSummary([ + // [input1, output1], + // [input2, output2], + // ... + // ]) + exists(ArrayExpr pair | + pair = mkSummary.getArgument(0).(ArrayExpr).getAnElement() and + input = pair.getElement(0).getStringValue() and + output = pair.getElement(1).getStringValue() + ) + ) + } +} diff --git a/javascript/ql/lib/utils/test/LegacyDataFlowDiff.qll b/javascript/ql/lib/utils/test/LegacyDataFlowDiff.qll new file mode 100644 index 00000000000..0995d06199c --- /dev/null +++ b/javascript/ql/lib/utils/test/LegacyDataFlowDiff.qll 
@@ -0,0 +1,19 @@ +private import javascript + +private signature class LegacyConfigSig { + predicate hasFlow(DataFlow::Node source, DataFlow::Node sink); +} + +module DataFlowDiff { + query predicate legacyDataFlowDifference( + DataFlow::Node source, DataFlow::Node sink, string message + ) { + NewFlow::flow(source, sink) and + not any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with NEW data flow library" + or + not NewFlow::flow(source, sink) and + any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with OLD data flow library" + } +} diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql index befc556b033..7a4e72136f4 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.ql +++ b/javascript/ql/src/Performance/PolynomialReDoS.ql @@ -15,13 +15,13 @@ import javascript import semmle.javascript.security.regexp.PolynomialReDoSQuery -import DataFlow::PathGraph +import PolynomialReDoSFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode, + PolynomialReDoSFlow::PathNode source, PolynomialReDoSFlow::PathNode sink, Sink sinkNode, PolynomialBackTrackingTerm regexp where - cfg.hasFlowPath(source, sink) and + PolynomialReDoSFlow::flowPath(source, sink) and sinkNode = sink.getNode() and regexp = sinkNode.getRegExp() and not ( diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 67d6f14f660..30931a6a582 100644 --- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
@@ -11,10 +11,12 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index e3ea395c480..b5864519932 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql @@ -17,9 +17,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where TaintedPathFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.ql b/javascript/ql/src/Security/CWE-022/ZipSlip.ql index aef13830eb1..e2f13d0e1f6 100644 --- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql +++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ZipSlipQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ZipSlipFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select source.getNode(), source, sink, "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), "file system operation" diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql index 68ef1b12c79..1db62b2e7f0 100644 --- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql +++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql @@ -12,10 +12,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + TemplateObjectInjectionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Template object depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index f09a93c4d40..b1e14622304 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql 
@@ -15,16 +15,16 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() diff --git a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql index 34f89023441..cd229cd1f39 100644 --- a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql 
@@ -15,14 +15,16 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery +import IndirectCommandInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight +from + IndirectCommandInjectionFlow::PathNode source, IndirectCommandInjectionFlow::PathNode sink, + DataFlow::Node highlight where - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + IndirectCommandInjectionFlow::flowPath(source, sink) and + if IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), _) + then IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This command depends on an unsanitized $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql index deb792a53ee..47f9e02d388 100644 --- a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql 
@@ -14,11 +14,14 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from PathNode source, PathNode sink, Sink sinkNode +where + SecondOrderCommandInjectionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and + sinkNode = sink.getNode() select sink.getNode(), source, sink, "Command line argument that depends on $@ can execute an arbitrary command if " + sinkNode.getVulnerableArgumentExample() + " is used with " + sinkNode.getCommand() + ".", diff --git a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql index cad1039814c..2fbb8187057 100644 --- a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql +++ b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql 
@@ -14,17 +14,18 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery +import ShellCommandInjectionFromEnvironmentFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, + ShellCommandInjectionFromEnvironmentFlow::PathNode source, + ShellCommandInjectionFromEnvironmentFlow::PathNode sink, DataFlow::Node highlight, Source sourceNode where sourceNode = source.getNode() and - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + ShellCommandInjectionFromEnvironmentFlow::flowPath(source, sink) and + if ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), _) + then ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This shell command depends on an uncontrolled $@.", sourceNode, sourceNode.getSourceType() diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql index 3b96b6beffb..4b866c9cfff 100644 --- a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql +++ b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql 
@@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery -import DataFlow::PathGraph +import UnsafeShellCommandConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeShellCommandConstructionFlow::PathNode source, + UnsafeShellCommandConstructionFlow::PathNode sink, Sink sinkNode +where UnsafeShellCommandConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sinkNode.getAlertLocation(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later used in a $@.", source.getNode(), "library input", sinkNode.getCommandExecution(), "shell command" diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql index c43206abb66..76e56f1494d 100644 --- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql +++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ExceptionXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ExceptionXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), source.getNode().(Source).getDescription() diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index 9bed0516d18..7b42f95b691 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql 
@@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery -import DataFlow::PathGraph +import ReflectedXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ReflectedXssFlow::PathNode source, ReflectedXssFlow::PathNode sink +where ReflectedXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index 0c7402b3b68..82847c537b9 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql +++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.", source.getNode(), "stored value" diff --git a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql index 3e1818af026..9746e21334c 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql 
@@ -13,11 +13,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sink.getNode() = sinkNode +from PathNode source, PathNode sink, Sink sinkNode +where + UnsafeHtmlConstructionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + sink.getNode() = sinkNode select sinkNode, source, sink, "This " + sinkNode.describe() + " which depends on $@ might later allow $@.", source.getNode(), "library input", sinkNode.getSink(), sinkNode.getVulnerabilityKind().toLowerCase() diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql index 0cd8312a8cd..5bb2abb2564 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql @@ -14,13 +14,13 @@ import javascript import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery -import DataFlow::PathGraph +import UnsafeJQueryPluginFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, + UnsafeJQueryPluginFlow::PathNode source, UnsafeJQueryPluginFlow::PathNode sink, JQuery::JQueryPluginMethod plugin where - cfg.hasFlowPath(source, sink) and + UnsafeJQueryPluginFlow::flowPath(source, sink) and source.getNode().(Source).getPlugin() = plugin select sink.getNode(), source, sink, "Potential XSS vulnerability in the $@.", plugin, "'$.fn." + plugin.getPluginName() + "' plugin" diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index 8e67d249fa9..ee7a3d8d009 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql index 87a76d82227..e690e2bab28 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql @@ -14,9 +14,11 @@ import javascript import semmle.javascript.security.dataflow.XssThroughDomQuery -import DataFlow::PathGraph +import XssThroughDomFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XssThroughDomFlow::PathNode source, XssThroughDomFlow::PathNode sink +where + XssThroughDomFlow::flowPath(source, sink) and + not isIgnoredSourceSinkPair(source.getNode(), sink.getNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), "DOM text" diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index f7a40bb91f9..7d64fb222ca 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql 
@@ -14,17 +14,23 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index a4ed71e2949..c08f75bb673 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql 
@@ -16,9 +16,9 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql index 181079b05bb..2f13568e928 100644 --- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql +++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ImproperCodeSanitizationQuery -import DataFlow::PathGraph private import semmle.javascript.heuristics.HeuristicSinks private import semmle.javascript.security.dataflow.CodeInjectionCustomizations +import ImproperCodeSanitizationFlow::PathGraph /** * Gets a type-tracked instance of `RemoteFlowSource` using type-tracker `t`. @@ -60,9 +60,9 @@ private DataFlow::Node endsInCodeInjectionSink() { result = endsInCodeInjectionSink(DataFlow::TypeBackTracker::end()) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from ImproperCodeSanitizationFlow::PathNode source, ImproperCodeSanitizationFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + ImproperCodeSanitizationFlow::flowPath(source, sink) and // Basic detection of duplicate results with `js/code-injection`. not ( sink.getNode().(StringOps::ConcatenationLeaf).getRoot() = endsInCodeInjectionSink() and 
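Review bot: in ImproperCodeSanitization.ql, `import ImproperCodeSanitizationFlow::PathGraph` is placed after the two `private import` lines, whereas the sibling queries in this patch (for example CodeInjection.ql just above) keep the public `...Flow::PathGraph` import directly after the `...Query` import. Move it up next to `import semmle.javascript.security.dataflow.ImproperCodeSanitizationQuery` so the public imports stay grouped and the path-graph import is easy to find.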
diff --git a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql index 2adf02114b9..e68a482f8d2 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql @@ -14,11 +14,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeCodeConstruction::UnsafeCodeConstruction +import UnsafeCodeConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeCodeConstructionFlow::PathNode source, UnsafeCodeConstructionFlow::PathNode sink, + Sink sinkNode +where UnsafeCodeConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sink.getNode(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later $@.", source.getNode(), "library input", sinkNode.getCodeSink(), "interpreted as code" diff --git a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql index 4659ce89178..3a108a79132 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql @@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessQuery -import DataFlow::PathGraph +import UnsafeDynamicMethodAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDynamicMethodAccessFlow::PathNode source, UnsafeDynamicMethodAccessFlow::PathNode sink +where UnsafeDynamicMethodAccessFlow::flowPath(source, sink) select sink, source, sink, "This method is invoked using a $@, which may allow remote code execution.", source.getNode(), "user-controlled value" 
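Review bot: in UnsafeDynamicMethodAccess.ql the unchanged `select sink, source, sink, ...` passes the path node itself as the alert element, while the other queries in this patch select `sink.getNode()`. Since this hunk changes the type of `sink` to `UnsafeDynamicMethodAccessFlow::PathNode`, either switch to `sink.getNode()` for consistency or confirm that the alert location in the expected test output is unchanged.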
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql index eec14ab7ba3..46b60ea9c99 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql @@ -15,9 +15,9 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationQuery import semmle.javascript.security.IncompleteBlacklistSanitizer +import DataFlow::DeduplicatePathGraph /** * Gets a pretty string of the dangerous characters for `sink`. @@ -31,8 +31,10 @@ string prettyPrintDangerousCharaters(Sink sink) { ).regexpReplaceAll(",(?=[^,]+$)", " or") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + IncompleteHtmlAttributeSanitizationFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, // this message is slightly sub-optimal as we do not have an easy way // to get the flow labels that reach the sink, so the message includes diff --git a/javascript/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/Security/CWE-117/LogInjection.ql index 6a2176a9e9f..5386f3d0d6c 100644 --- a/javascript/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/Security/CWE-117/LogInjection.ql 
@@ -12,10 +12,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index 0a595e7e05f..1f315244cbe 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where TaintedFormatStringFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index a0145f6034f..75a09efb96b 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql 
@@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.FileAccessToHttpQuery -import DataFlow::PathGraph +import FileAccessToHttpFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from FileAccessToHttpFlow::PathNode source, FileAccessToHttpFlow::PathNode sink +where FileAccessToHttpFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Outbound network request depends on $@.", source.getNode(), "file data" diff --git a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql index 90a3d526db5..71da63e3f50 100644 --- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql +++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.PostMessageStarQuery -import DataFlow::PathGraph +import PostMessageStarFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PostMessageStarFlow::PathNode source, PostMessageStarFlow::PathNode sink +where PostMessageStarFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ is sent to another window without origin restriction.", source.getNode(), "Sensitive data" diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index 8342dea6e72..b6bf246387c 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql 
@@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.StackTraceExposureQuery -import DataFlow::PathGraph +import StackTraceExposureFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StackTraceExposureFlow::PathNode source, StackTraceExposureFlow::PathNode sink +where StackTraceExposureFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This information exposed to the user depends on $@.", source.getNode(), "stack trace information" diff --git a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql index 0e61cc1ebf2..79d2d4d41ed 100644 --- a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql +++ b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql @@ -15,10 +15,10 @@ import javascript import semmle.javascript.security.dataflow.BuildArtifactLeakQuery -import DataFlow::PathGraph +import BuildArtifactLeakFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from BuildArtifactLeakFlow::PathNode source, BuildArtifactLeakFlow::PathNode sink +where BuildArtifactLeakFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This creates a build artifact that depends on $@.", source.getNode(), "sensitive data returned by" + source.getNode().(CleartextLogging::Source).describe() diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 02779fa2e05..dbc791cbaaa 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -15,7 +15,7 @@ import javascript import semmle.javascript.security.dataflow.CleartextLoggingQuery -import DataFlow::PathGraph +import CleartextLoggingFlow::PathGraph /** * Holds if `tl` is used in a browser environment. 
@@ -33,9 +33,9 @@ predicate inBrowserEnvironment(TopLevel tl) { ) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + CleartextLoggingFlow::flowPath(source, sink) and // ignore logging to the browser console (even though it is not a good practice) not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel()) select sink.getNode(), source, sink, "This logs sensitive data returned by $@ as clear text.", diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 4660c4add9f..6f9bef802be 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.CleartextStorageQuery -import DataFlow::PathGraph +import ClearTextStorageFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ClearTextStorageFlow::PathNode source, ClearTextStorageFlow::PathNode sink +where ClearTextStorageFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index a4dd7ed6372..d888a5acdc4 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql 
@@ -14,13 +14,13 @@ import javascript import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmQuery import semmle.javascript.security.SensitiveActions -import DataFlow::PathGraph +import BrokenCryptoAlgorithmFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Source sourceNode, - Sink sinkNode + BrokenCryptoAlgorithmFlow::PathNode source, BrokenCryptoAlgorithmFlow::PathNode sink, + Source sourceNode, Sink sinkNode where - cfg.hasFlowPath(source, sink) and + BrokenCryptoAlgorithmFlow::flowPath(source, sink) and sourceNode = source.getNode() and sinkNode = sink.getNode() and not sourceNode instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index 1d30221358d..2bfcfc14d50 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.InsecureRandomnessQuery -import DataFlow::PathGraph +import InsecureRandomnessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureRandomnessFlow::PathNode source, InsecureRandomnessFlow::PathNode sink +where InsecureRandomnessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This uses a cryptographically insecure random number generated at $@ in a security context.", source.getNode(), source.getNode().toString() diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 279f09f71ba..ac8acac4742 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where CorsMisconfigurationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" diff --git a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql index 9e9a9f12659..9a13bfbe4a5 100644 --- a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql +++ b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.InsecureTemporaryFileQuery +import InsecureTemporaryFileFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureTemporaryFileFlow::PathNode source, InsecureTemporaryFileFlow::PathNode sink +where InsecureTemporaryFileFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Insecure creation of file in $@.", source.getNode(), "the os temp dir" diff --git a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql index a9ea46c4510..066c3f148d5 100644 --- a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql 
@@ -11,14 +11,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery +import DataFlow::DeduplicatePathGraph -from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node link, - string reason +from PathNode source, PathNode sink, DataFlow::Node link, string reason where - cfg.hasFlowPath(source, sink) and + DeepObjectResourceExhaustionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and sink.getNode().(Sink).hasReason(link, reason) select sink, source, sink, "Denial of service caused by processing $@ with $@.", source.getNode(), "user input", link, reason diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index 287b196feff..92d18b3f1a2 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where RemotePropertyInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 35ae85130c9..e940ddff338 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql 
@@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where UnsafeDeserializationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql index 9fd53ce9916..bc6a5e5466f 100644 --- a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql +++ b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql @@ -14,10 +14,12 @@ import javascript import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + HardcodedDataInterpretedAsCodeFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is interpreted as " + sink.getNode().(Sink).getKind() + ".", source.getNode(), "Hard-coded data" diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index 6f29d388268..a4b08e385ba 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql 
@@ -15,9 +15,10 @@ import javascript import semmle.javascript.security.dataflow.ClientSideUrlRedirectQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + ClientSideUrlRedirectFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index 76402706586..e3bc53ec436 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery -import DataFlow::PathGraph +import ServerSideUrlRedirectFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ServerSideUrlRedirectFlow::PathNode source, ServerSideUrlRedirectFlow::PathNode sink +where ServerSideUrlRedirectFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index 6f544f3a2e5..e1e84e36048 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 9cb88a29b9d..377fcfcd1cb 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGenerationQuery -import DataFlow::PathGraph +import HostHeaderPoisoningFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HostHeaderPoisoningFlow::PathNode source, HostHeaderPoisoningFlow::PathNode sink +where HostHeaderPoisoningFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Links in this email can be hijacked by poisoning the $@.", source.getNode(), "HTTP host header" diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index 8a5bfbd791f..c28441d8e24 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql 
@@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index 5b679cf1dcf..4260c5e23ee 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql index c2841c5e902..df84c62edf7 100644 --- a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql +++ b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql 
@@ -13,10 +13,12 @@ import javascript import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + UnvalidatedDynamicMethodCallFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Invocation of method with $@ name may dispatch to unexpected target and cause an exception.", source.getNode(), "user-controlled" diff --git a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql index 4a32424ac3e..89452bea8ca 100644 --- a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index e418f329810..aa3f48c6037 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index 1c13ad78bfa..a94153e0226 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -15,14 +15,14 @@ import javascript import semmle.javascript.security.dataflow.HardcodedCredentialsQuery -import DataFlow::PathGraph +import HardcodedCredentials::PathGraph bindingset[s] predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value +from HardcodedCredentials::PathNode source, HardcodedCredentials::PathNode sink, string value where - cfg.hasFlowPath(source, sink) and + HardcodedCredentials::flowPath(source, sink) and // use source value in message if it's available if source.getNode().asExpr() instanceof ConstantString then diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index 492dc5b8b6e..a493662453e 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql 
@@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql index d1f27267477..b040645eacd 100644 --- a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql +++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.InsecureDownloadQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where InsecureDownloadFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ of sensitive file from $@.", sink.getNode().(Sink).getDownloadCall(), "Download", source.getNode(), "HTTP source" diff --git a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql index 1970378ea9a..8a8c74e9847 100644 --- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql +++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.LoopBoundInjectionQuery -import DataFlow::PathGraph +import LoopBoundInjectionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from LoopBoundInjectionFlow::PathNode source, LoopBoundInjectionFlow::PathNode sink +where LoopBoundInjectionFlow::flowPath(source, sink) select sink, source, sink, "Iteration over a user-controlled object with a potentially unbounded .length property from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index 795ad48409c..5887cb1db37 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql @@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingQuery -import DataFlow::PathGraph +import TypeConfusionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TypeConfusionFlow::PathNode source, TypeConfusionFlow::PathNode sink +where TypeConfusionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Potential type confusion as $@ may be either an array or a string.", source.getNode(), "this HTTP request parameter" diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index a2953365b64..88362ce545d 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql 
@@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HttpToFileAccessQuery -import DataFlow::PathGraph +import HttpToFileAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink +where HttpToFileAccessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(), "Untrusted data" diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index 2b916426169..b5f86910e9d 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql @@ -19,10 +19,13 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph +import PrototypePollutingAssignmentFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql index fa2fd3da021..2a49f47379c 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql 
@@ -17,11 +17,10 @@ */ import javascript -import DataFlow -import PathGraph import semmle.javascript.DynamicPropertyAccess private import semmle.javascript.dataflow.InferredTypes +// WIN: gained TP in Lucifier/r.js:2757, though not sure why it wasn't flagged to start with. /** * A call of form `x.split(".")` where `x` is a parameter. * @@ -30,14 +29,14 @@ private import semmle.javascript.dataflow.InferredTypes class SplitCall extends StringSplitCall { SplitCall() { this.getSeparator() = "." and - this.getBaseString().getALocalSource() instanceof ParameterNode + this.getBaseString().getALocalSource() instanceof DataFlow::ParameterNode } } /** * Holds if `pred -> succ` should preserve polluted property names. */ -predicate copyArrayStep(SourceNode pred, SourceNode succ) { +predicate copyArrayStep(DataFlow::SourceNode pred, DataFlow::SourceNode succ) { // x -> [...x] exists(SpreadElement spread | pred.flowsTo(spread.getOperand().flow()) and @@ -45,7 +44,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // `x -> y` in `y.push( x[i] )` - exists(MethodCallNode push | + exists(DataFlow::MethodCallNode push | push = succ.getAMethodCall("push") and ( getAnEnumeratedArrayElement(pred).flowsTo(push.getAnArgument()) @@ -55,7 +54,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // x -> x.concat(...) - exists(MethodCallNode concat_ | + exists(DataFlow::MethodCallNode concat_ | concat_.getMethodName() = "concat" and (pred = concat_.getReceiver() or pred = concat_.getAnArgument()) and succ = concat_ 
@@ -66,21 +65,21 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { * Holds if `node` may refer to a `SplitCall` or a copy thereof, possibly * returned through a function call. */ -predicate isSplitArray(SourceNode node) { +predicate isSplitArray(DataFlow::SourceNode node) { node instanceof SplitCall or - exists(SourceNode pred | isSplitArray(pred) | + exists(DataFlow::SourceNode pred | isSplitArray(pred) | copyArrayStep(pred, node) or - pred.flowsToExpr(node.(CallNode).getACallee().getAReturnedExpr()) + pred.flowsToExpr(node.(DataFlow::CallNode).getACallee().getAReturnedExpr()) ) } /** * A property name originating from a `x.split(".")` call. */ -class SplitPropName extends SourceNode { - SourceNode array; +class SplitPropName extends DataFlow::SourceNode { + DataFlow::SourceNode array; SplitPropName() { isSplitArray(array) and @@ -90,7 +89,7 @@ class SplitPropName extends SourceNode { /** * Gets the array from which this property name was obtained (the result from `split`). */ - SourceNode getArray() { result = array } + DataFlow::SourceNode getArray() { result = array } /** Gets an element accessed on the same underlying array. */ SplitPropName getAnAlias() { result.getArray() = this.getArray() } 
@@ -117,18 +116,18 @@ predicate isPollutedPropNameSource(DataFlow::Node node) { * Holds if `node` may flow from a source of polluted propery names, possibly * into function calls (but not returns). */ -predicate isPollutedPropName(Node node) { +predicate isPollutedPropName(DataFlow::Node node) { isPollutedPropNameSource(node) or - exists(Node pred | isPollutedPropName(pred) | + exists(DataFlow::Node pred | isPollutedPropName(pred) | node = pred.getASuccessor() or - argumentPassingStep(_, pred, _, node) + DataFlow::argumentPassingStep(_, pred, _, node) or // Handle one level of callbacks - exists(FunctionNode function, ParameterNode callback, int i | + exists(DataFlow::FunctionNode function, DataFlow::ParameterNode callback, int i | pred = callback.getAnInvocation().getArgument(i) and - argumentPassingStep(_, function, _, callback) and + DataFlow::argumentPassingStep(_, function, _, callback) and node = function.getParameter(i) ) ) @@ -138,8 +137,8 @@ predicate isPollutedPropName(Node node) { * Holds if `node` may refer to `Object.prototype` obtained through dynamic property * read of a property obtained through property enumeration. */ -predicate isPotentiallyObjectPrototype(SourceNode node) { - exists(Node base, Node key | +predicate isPotentiallyObjectPrototype(DataFlow::SourceNode node) { + exists(DataFlow::Node base, DataFlow::Node key | dynamicPropReadStep(base, key, node) and isPollutedPropName(key) and // Ignore cases where the properties of `base` are enumerated, to avoid FPs @@ -149,8 +148,8 @@ predicate isPotentiallyObjectPrototype(SourceNode node) { not arePropertiesEnumerated(base.getALocalSource()) ) or - exists(Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | - argumentPassingStep(_, use, _, node) + exists(DataFlow::Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | + DataFlow::argumentPassingStep(_, use, _, node) ) } 
@@ -193,14 +192,6 @@ string unsafePropName() { result = "constructor" } -/** - * A flow label representing an unsafe property name, or an object obtained - * by using such a property in a dynamic read. - */ -class UnsafePropLabel extends FlowLabel { - UnsafePropLabel() { this = unsafePropName() } -} - /** * Tracks data from property enumerations to dynamic property writes. * @@ -233,11 +224,13 @@ class UnsafePropLabel extends FlowLabel { * for coinciding paths afterwards. This means this configuration can't be used as * a standalone configuration like in most path queries. */ -class PropNameTracking extends DataFlow::Configuration { - PropNameTracking() { this = "PropNameTracking" } +module PropNameTrackingConfig implements DataFlow::StateConfigSig { + class FlowState extends string { + FlowState() { this = unsafePropName() } + } - override predicate isSource(DataFlow::Node node, FlowLabel label) { - label instanceof UnsafePropLabel and + predicate isSource(DataFlow::Node node, FlowState state) { + exists(state) and ( isPollutedPropNameSource(node) or @@ -245,8 +238,8 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isSink(DataFlow::Node node, FlowLabel label) { - label instanceof UnsafePropLabel and + predicate isSink(DataFlow::Node node, FlowState state) { + exists(state) and ( dynamicPropWrite(node, _, _) or dynamicPropWrite(_, node, _) or 
@@ -254,51 +247,67 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, FlowLabel predlbl, FlowLabel succlbl + predicate isBarrier(DataFlow::Node node, FlowState state) { + node = DataFlow::MakeStateBarrierGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - predlbl instanceof UnsafePropLabel and - succlbl = predlbl and + exists(state1) and + state2 = state1 and ( // Step through `p -> x[p]` - exists(PropRead read | - pred = read.getPropertyNameExpr().flow() and + exists(DataFlow::PropRead read | + node1 = read.getPropertyNameExpr().flow() and not read.(DynamicPropRead).hasDominatingAssignment() and - succ = read + node2 = read ) or // Step through `x -> x[p]` exists(DynamicPropRead read | not read.hasDominatingAssignment() and - pred = read.getBase() and - succ = read + node1 = read.getBase() and + node2 = read ) ) } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof DataFlow::VarAccessBarrier + predicate isBarrier(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { - node instanceof DenyListEqualityGuard or - node instanceof AllowListEqualityGuard or - node instanceof HasOwnPropertyGuard or - node instanceof InExprGuard or - node instanceof InstanceOfGuard or - node instanceof TypeofGuard or - node instanceof DenyListInclusionGuard or - node instanceof AllowListInclusionGuard or - node instanceof IsPlainObjectGuard + int accessPathLimit() { + // Speed up the query. For the pattern we're looking for the value rarely + // flows through any contents, apart from a capture content. 
+ result = 1 } } +class FlowState = PropNameTrackingConfig::FlowState; + +module PropNameTracking = DataFlow::GlobalWithState; + +/** + * A barrier guard for prototype pollution. + */ +abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state) { none() } +} + /** * A sanitizer guard of form `x === "__proto__"` or `x === "constructor"`. */ -class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class DenyListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; string propName; @@ -307,17 +316,17 @@ class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode propName = unsafePropName() } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() and - label = propName + state = propName } } /** * An equality test with something other than `__proto__` or `constructor`. */ -class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class AllowListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; AllowListEqualityGuard() { 
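Review bot: `accessPathLimit()` in `PropNameTrackingConfig` is set to `1`, and its comment says the value "rarely" flows through contents, so some flows are knowingly dropped in exchange for speed. Please name in the comment the kind of flow that is lost, and add a test case containing such a flow so the trade-off is visible in the expected output rather than only in query timing.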
@@ -325,10 +334,9 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod astNode.getAnOperand() instanceof Literal } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and - outcome = astNode.getPolarity() and - label instanceof UnsafePropLabel + outcome = astNode.getPolarity() } } @@ -339,7 +347,7 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod * but the destination object generally doesn't. It is therefore only a sanitizer when * used on the destination object. */ -class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPropertyCall { +class HasOwnPropertyGuard extends BarrierGuard instanceof HasOwnPropertyCall { HasOwnPropertyGuard() { // Try to avoid `src.hasOwnProperty` by requiring that the receiver // does not locally have its properties enumerated. Typically there is no @@ -347,7 +355,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr not arePropertiesEnumerated(super.getObject().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getProperty().asExpr() and outcome = true } } @@ -358,7 +366,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr * Since `"__proto__" in obj` and `"constructor" in obj` is true for most objects, * this is seen as a sanitizer for `key` in the false outcome. */ -class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { +class InExprGuard extends BarrierGuard, DataFlow::ValueNode { override InExpr astNode; InExprGuard() { 
@@ -366,7 +374,7 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { not arePropertiesEnumerated(astNode.getRightOperand().flow().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getLeftOperand() and outcome = false } } 
@@ -374,41 +382,41 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { /** * A sanitizer guard for `instanceof` expressions. * - * `Object.prototype instanceof X` is never true, so this blocks the `__proto__` label. + * `Object.prototype instanceof X` is never true, so this blocks the `__proto__` state. * * It is still possible to get to `Function.prototype` through `constructor.constructor.prototype` - * so we do not block the `constructor` label. + * so we do not block the `constructor` state. */ -class InstanceOfGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class InstanceOfGuard extends BarrierGuard, DataFlow::ValueNode { override InstanceOfExpr astNode; - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { - e = astNode.getLeftOperand() and outcome = true and label = "__proto__" + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + e = astNode.getLeftOperand() and outcome = true and state = "__proto__" } } /** * Sanitizer guard of form `typeof x === "object"` or `typeof x === "function"`. * - * The former blocks the `constructor` label as that payload must pass through a function, - * and the latter blocks the `__proto__` label as that only passes through objects. + * The former blocks the `constructor` state as that payload must pass through a function, + * and the latter blocks the `__proto__` state as that only passes through objects. 
*/ -class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class TypeofGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; TypeofTag tag; TypeofGuard() { TaintTracking::isTypeofGuard(astNode, operand, tag) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = operand and outcome = astNode.getPolarity() and ( tag = "object" and - label = "constructor" + state = "constructor" or tag = "function" and - label = "__proto__" + state = "__proto__" ) or e = operand and @@ -417,10 +425,10 @@ class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode // If something is not an object, sanitize object, as both must end // in non-function prototype object. tag = "object" and - label instanceof UnsafePropLabel + exists(state) or tag = "function" and - label = "constructor" + state = "constructor" ) } } 
@@ -428,27 +436,27 @@ class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode /** * A check of form `["__proto__"].includes(x)` or similar. */ -class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, InclusionTest { - UnsafePropLabel label; +class DenyListInclusionGuard extends BarrierGuard, InclusionTest { + string blockedProp; DenyListInclusionGuard() { exists(DataFlow::ArrayCreationNode array | - array.getAnElement().getStringValue() = label and + array.getAnElement().getStringValue() = blockedProp and array.flowsTo(this.getContainerNode()) ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { outcome = this.getPolarity().booleanNot() and e = this.getContainedNode().asExpr() and - label = lbl + blockedProp = state } } /** * A check of form `xs.includes(x)` or similar, which sanitizes `x` in the true case. */ -class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { +class AllowListInclusionGuard extends BarrierGuard { AllowListInclusionGuard() { this instanceof TaintTracking::PositiveIndexOfSanitizer or @@ -456,9 +464,8 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { not this = any(MembershipCandidate::ObjectPropertyNameMembershipCandidate c).getTest() // handled with more precision in `HasOwnPropertyGuard` } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { - this.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(outcome, e) and - lbl instanceof UnsafePropLabel + override predicate blocksExpr(boolean outcome, Expr e) { + this.(TaintTracking::AdditionalBarrierGuard).blocksExpr(outcome, e) } } 
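Review bot: in `DenyListInclusionGuard`, changing the field from `UnsafePropLabel label` to `string blockedProp` widens the class: the characteristic predicate now holds for an inclusion test against an array with any string element, not only `__proto__` or `constructor`. `blocksExpr` still requires `blockedProp = state`, so the barrier result is unchanged, but the class no longer matches its doc comment and gets one `blockedProp` value per string element. Suggest declaring the field as `FlowState blockedProp;` (the alias is added earlier in this patch) or adding `blockedProp = unsafePropName()` to the characteristic predicate.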
@@ -467,17 +474,17 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { * payload in the true case, since it rejects objects with a non-standard `constructor` * property. */ -class IsPlainObjectGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::CallNode { +class IsPlainObjectGuard extends BarrierGuard, DataFlow::CallNode { IsPlainObjectGuard() { exists(string name | name = "is-plain-object" or name = "is-extendable" | - this = moduleImport(name).getACall() + this = DataFlow::moduleImport(name).getACall() ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { e = this.getArgument(0).asExpr() and outcome = true and - lbl = "constructor" + state = "constructor" } } 
@@ -507,26 +514,26 @@ string deriveExprName(DataFlow::Node node) { * In most cases this will result in an alert, the exception being the case where * `base` does not have a prototype at all. */ -predicate isPrototypePollutingAssignment(Node base, Node prop, Node rhs, Node propNameSource) { +predicate isPrototypePollutingAssignment( + DataFlow::Node base, DataFlow::Node prop, DataFlow::Node rhs, DataFlow::Node propNameSource +) { dynamicPropWrite(base, prop, rhs) and isPollutedPropNameSource(propNameSource) and - exists(PropNameTracking cfg | - cfg.hasFlow(propNameSource, base) and - if propNameSource instanceof EnumeratedPropName - then - cfg.hasFlow(propNameSource, prop) and - cfg.hasFlow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] - .(EnumeratedPropName) - .getASourceProp(), rhs) - else ( - cfg.hasFlow(propNameSource.(SplitPropName).getAnAlias(), prop) and - rhs.getALocalSource() instanceof ParameterNode - ) + PropNameTracking::flow(propNameSource, base) and + if propNameSource instanceof EnumeratedPropName + then + PropNameTracking::flow(propNameSource, prop) and + PropNameTracking::flow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] + .(EnumeratedPropName) + .getASourceProp(), rhs) + else ( + PropNameTracking::flow(propNameSource.(SplitPropName).getAnAlias(), prop) and + rhs.getALocalSource() instanceof DataFlow::ParameterNode ) } /** Gets a data flow node leading to the base of a prototype-polluting assignment. */ -private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, DataFlow::Node base) { t.start() and isPrototypePollutingAssignment(base, _, _, _) and result = base.getALocalSource() 
@@ -542,7 +549,9 @@ private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, * This dynamic read is where the reference to a built-in prototype object is obtained, * and we need this to ensure that this object actually has a prototype. */ -private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBaseBase( + DataFlow::TypeBackTracker t, DataFlow::Node base +) { exists(DynamicPropRead read | read = getANodeLeadingToBase(t, base) and result = read.getBase().getALocalSource() 
@@ -553,29 +562,31 @@ private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker ) } -DataFlow::SourceNode getANodeLeadingToBaseBase(Node base) { +DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::Node base) { result = getANodeLeadingToBaseBase(DataFlow::TypeBackTracker::end(), base) } /** A call to `Object.create(null)`. */ -class ObjectCreateNullCall extends CallNode { +class ObjectCreateNullCall extends DataFlow::CallNode { ObjectCreateNullCall() { - this = globalVarRef("Object").getAMemberCall("create") and + this = DataFlow::globalVarRef("Object").getAMemberCall("create") and this.getArgument(0).asExpr() instanceof NullLiteral } } +import DataFlow::DeduplicatePathGraph + from - PropNameTracking cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Node propNameSource, - Node base, string msg, Node col1, Node col2 + PathNode source, PathNode sink, DataFlow::Node propNameSource, DataFlow::Node base, string msg, + DataFlow::Node col1, DataFlow::Node col2 where isPollutedPropName(propNameSource) and - cfg.hasFlowPath(source, sink) and + PropNameTracking::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and isPrototypePollutingAssignment(base, _, _, propNameSource) and sink.getNode() = base and source.getNode() = propNameSource and ( - getANodeLeadingToBaseBase(base) instanceof ObjectLiteralNode + getANodeLeadingToBaseBase(base) instanceof DataFlow::ObjectLiteralNode or not getANodeLeadingToBaseBase(base) instanceof ObjectCreateNullCall ) and diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql index 0bc84b82d45..b23d7caa8d8 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql 
@@ -19,13 +19,11 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutionQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string moduleName, - Locatable dependencyLoc +from PathNode source, PathNode sink, string moduleName, Locatable dependencyLoc where - cfg.hasFlowPath(source, sink) and + PrototypePollutionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and sink.getNode().(Sink).dependencyInfo(moduleName, dependencyLoc) select sink.getNode(), source, sink, "Prototype pollution caused by merging a $@ using a vulnerable version of $@.", source, diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index a40689f41df..1cfc3111ad9 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.InsufficientPasswordHashQuery -import DataFlow::PathGraph +import InsufficientPasswordHashFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsufficientPasswordHashFlow::PathNode source, InsufficientPasswordHashFlow::PathNode sink +where InsufficientPasswordHashFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Password from $@ is hashed insecurely.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql index 4e03a62b198..1f8fb9c2d41 100644 --- a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql 
@@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery -import DataFlow::PathGraph +import ClientSideRequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from + ClientSideRequestForgeryFlow::PathNode source, ClientSideRequestForgeryFlow::PathNode sink, + DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + ClientSideRequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index c84f5f7d1cb..6546104068b 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql @@ -12,11 +12,11 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryQuery -import DataFlow::PathGraph +import RequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + RequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql b/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql index b4b66293ee5..f0734b877c9 100644 --- a/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql 
+++ b/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql @@ -1,5 +1,5 @@ /** - * @name Code injection + * @name Code injection from dynamically imported code * @description Interpreting unsanitized user input as code allows a malicious user arbitrary * code execution. * @kind path-problem @@ -15,13 +15,11 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -abstract class Sanitizer extends DataFlow::Node { } +abstract class Barrier extends DataFlow::Node { } /** A non-first leaf in a string-concatenation. Seen as a sanitizer for dynamic import code injection. */ -class NonFirstStringConcatLeaf extends Sanitizer { +class NonFirstStringConcatLeaf extends Barrier { NonFirstStringConcatLeaf() { exists(StringOps::ConcatenationRoot root | this = root.getALeaf() and 
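Review bot: the new `@name` "Code injection from dynamically imported code" no longer matches the alert text: the `select` at the end of this file still reports "This command line depends on a $@.", although the sinks are `DynamicImport` and `WorkerThreads`. Suggest updating the message in the same change, along with the doc comment on `NonFirstStringConcatLeaf`, which still says "Seen as a sanitizer" after the base class was renamed to `Barrier`.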
@@ -51,39 +49,51 @@ class WorkerThreads extends DataFlow::Node { } } -class UrlConstructorLabel extends FlowLabel { - UrlConstructorLabel() { this = "UrlConstructorLabel" } -} +newtype TFlowState = + TTaint() or + TUrlConstructor() /** * A taint-tracking configuration for reasoning about code injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CodeInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof DynamicImport } - - override predicate isSink(DataFlow::Node sink, FlowLabel label) { - sink instanceof WorkerThreads and label instanceof UrlConstructorLabel +module CodeInjectionConfig implements DataFlow::StateConfigSig { + class FlowState extends TFlowState { + string toString() { + this = TTaint() and result = "taint" + or + this = TUrlConstructor() and result = "url-constructor" + } } - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof ActiveThreatModelSource and state = TTaint() + } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, FlowLabel predlbl, FlowLabel succlbl + predicate isSink(DataFlow::Node sink) { sink instanceof DynamicImport } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof WorkerThreads and state = TUrlConstructor() + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Barrier } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - exists(DataFlow::NewNode newUrl | succ = newUrl | + exists(DataFlow::NewNode newUrl | node2 = newUrl | newUrl = DataFlow::globalVarRef("URL").getAnInstantiation() and - pred = newUrl.getArgument(0) + node1 = newUrl.getArgument(0) ) and - predlbl instanceof StandardFlowLabel 
and - succlbl instanceof UrlConstructorLabel + state1 = TTaint() and + state2 = TUrlConstructor() } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +module CodeInjectionFlow = TaintTracking::GlobalWithState; + +import CodeInjectionFlow::PathGraph + +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql b/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql index 38c7e591211..e66406f8405 100644 --- a/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql +++ b/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql 
@@ -11,33 +11,32 @@ */ import javascript -import DataFlow::PathGraph /** A taint tracking configuration for unsafe environment injection. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "envInjection" } +module EnvValueAndKeyInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = keyOfEnv() or sink = valueOfEnv() } - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(DataFlow::InvokeNode ikn | ikn = DataFlow::globalVarRef("Object").getAMemberInvocation("keys") | - pred = ikn.getArgument(0) and + node1 = ikn.getArgument(0) and ( - succ = ikn.getAChainedMethodCall(["filter", "map"]) or - succ = ikn or - succ = ikn.getAChainedMethodCall("forEach").getABoundCallbackParameter(0, 0) + node2 = ikn.getAChainedMethodCall(["filter", "map"]) or + node2 = ikn or + node2 = ikn.getAChainedMethodCall("forEach").getABoundCallbackParameter(0, 0) ) ) } } +module EnvValueAndKeyInjectionFlow = TaintTracking::Global; + DataFlow::Node keyOfEnv() { result = NodeJSLib::process().getAPropertyRead("env").getAPropertyWrite().getPropertyNameExpr().flow() 
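Review bot: `isSource` in `EnvValueAndKeyInjectionConfig` switches from `RemoteFlowSource` to `ActiveThreatModelSource`, which is a change in what the query reports rather than part of the API migration, and it is inconsistent with `EnvValueInjectionConfig` later in this patch, which keeps `RemoteFlowSource`. Either use the same source class in both sibling queries or say in the commit message why they differ, so a change in alert counts can be attributed correctly.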
@@ -56,13 +55,15 @@ private predicate readToProcessEnv(DataFlow::Node envKey, DataFlow::Node envValu ) } +import EnvValueAndKeyInjectionFlow::PathGraph + from - Configuration cfgForValue, Configuration cfgForKey, DataFlow::PathNode source, - DataFlow::PathNode envKey, DataFlow::PathNode envValue + EnvValueAndKeyInjectionFlow::PathNode source, EnvValueAndKeyInjectionFlow::PathNode envKey, + EnvValueAndKeyInjectionFlow::PathNode envValue where - cfgForValue.hasFlowPath(source, envKey) and + EnvValueAndKeyInjectionFlow::flowPath(source, envKey) and envKey.getNode() = keyOfEnv() and - cfgForKey.hasFlowPath(source, envValue) and + EnvValueAndKeyInjectionFlow::flowPath(source, envValue) and envValue.getNode() = valueOfEnv() and readToProcessEnv(envKey.getNode(), envValue.getNode()) select envKey.getNode(), source, envKey, "arbitrary environment variable assignment from this $@.", diff --git a/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql b/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql index 3eb9f230564..82490a5200a 100644 --- a/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql +++ b/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql 
@@ -11,20 +11,21 @@ */ import javascript -import DataFlow::PathGraph /** A taint tracking configuration for unsafe environment injection. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "envInjection" } +module EnvValueInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = API::moduleImport("process").getMember("env").getAMember().asSink() } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +module EnvValueInjectionFlow = TaintTracking::Global; + +import EnvValueInjectionFlow::PathGraph + +from EnvValueInjectionFlow::PathNode source, EnvValueInjectionFlow::PathNode sink +where EnvValueInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "this environment variable assignment is $@.", source.getNode(), "user controllable" diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index a2437fa670c..2f039b8fc3b 100644 --- a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql @@ -14,7 +14,6 @@ import javascript import DataFlow -import DataFlow::PathGraph class PredictableResultSource extends DataFlow::Node { PredictableResultSource() { 
@@ -38,14 +37,16 @@ class TokenAssignmentValueSink extends DataFlow::Node { } } -class TokenBuiltFromUuidConfig extends TaintTracking::Configuration { - TokenBuiltFromUuidConfig() { this = "TokenBuiltFromUuidConfig" } +module TokenBuiltFromUuidConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - override predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } + predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } } -from DataFlow::PathNode source, DataFlow::PathNode sink, TokenBuiltFromUuidConfig config -where config.hasFlowPath(source, sink) +module TokenBuiltFromUuidFlow = TaintTracking::Global; + +import TokenBuiltFromUuidFlow::PathGraph + +from TokenBuiltFromUuidFlow::PathNode source, TokenBuiltFromUuidFlow::PathNode sink +where TokenBuiltFromUuidFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value" diff --git a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql index ca0e602f63a..1ee38491d5f 100644 --- a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql +++ b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql 
@@ -11,30 +11,29 @@ */ import javascript -import DataFlow::PathGraph import JWT -class ConfigurationUnverifiedDecode extends TaintTracking::Configuration { - ConfigurationUnverifiedDecode() { this = "jsonwebtoken without any signature verification" } +module UnverifiedDecodeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink = unverifiedDecode() } + predicate isSink(DataFlow::Node sink) { sink = unverifiedDecode() } } -class ConfigurationVerifiedDecode extends TaintTracking::Configuration { - ConfigurationVerifiedDecode() { this = "jsonwebtoken with signature verification" } +module UnverifiedDecodeFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } +module VerifiedDecodeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } - override predicate isSink(DataFlow::Node sink) { sink = verifiedDecode() } + predicate isSink(DataFlow::Node sink) { sink = verifiedDecode() } } -from ConfigurationUnverifiedDecode cfg, DataFlow::PathNode source, DataFlow::PathNode sink +module VerifiedDecodeFlow = TaintTracking::Global; + +import UnverifiedDecodeFlow::PathGraph + +from UnverifiedDecodeFlow::PathNode source, UnverifiedDecodeFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and - not exists(ConfigurationVerifiedDecode cfg2 | - cfg2.hasFlowPath(any(DataFlow::PathNode p | p.getNode() = source.getNode()), _) - ) + UnverifiedDecodeFlow::flowPath(source, sink) and + not VerifiedDecodeFlow::flow(source.getNode(), _) select source.getNode(), source, sink, "Decoding JWT $@.", sink.getNode(), "without signature verification" 
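Review bot: `UnverifiedDecodeConfig` and `VerifiedDecodeConfig` have no QLDoc, and the only description they had was the string in the removed characteristic predicates ("jsonwebtoken without any signature verification" and "jsonwebtoken with signature verification"). Please carry those descriptions over as doc comments on the two modules, since they differ only in `isSink` and the `where` clause depends on telling them apart.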
diff --git a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql index ed2283b7641..d75041426a1 100644 --- a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql +++ b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql @@ -11,29 +11,25 @@ */ import javascript -import DataFlow::PathGraph import JWT -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "jsonwebtoken without any signature verification" } - - override predicate isSource(DataFlow::Node source) { +module DecodeWithoutVerificationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source = [unverifiedDecode(), verifiedDecode()].getALocalSource() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = unverifiedDecode() or sink = verifiedDecode() } } +module DecodeWithoutVerificationFlow = TaintTracking::Global; + /** Holds if `source` flows to the first parameter of jsonwebtoken.verify */ -predicate isSafe(Configuration cfg, DataFlow::Node source) { - exists(DataFlow::Node sink | - cfg.hasFlow(source, sink) and - sink = verifiedDecode() - ) +predicate isSafe(DataFlow::Node source) { + DecodeWithoutVerificationFlow::flow(source, verifiedDecode()) } /** 
@@ -41,15 +37,17 @@ predicate isSafe(Configuration cfg, DataFlow::Node source) { * - `source` does not flow to the first parameter of `jsonwebtoken.verify`, and * - `source` flows to the first parameter of `jsonwebtoken.decode` */ -predicate isVulnerable(Configuration cfg, DataFlow::Node source, DataFlow::Node sink) { - not isSafe(cfg, source) and // i.e., source does not flow to a verify call - cfg.hasFlow(source, sink) and // but it does flow to something else +predicate isVulnerable(DataFlow::Node source, DataFlow::Node sink) { + not isSafe(source) and // i.e., source does not flow to a verify call + DecodeWithoutVerificationFlow::flow(source, sink) and // but it does flow to something else sink = unverifiedDecode() // and that something else is a call to decode. } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +import DecodeWithoutVerificationFlow::PathGraph + +from DecodeWithoutVerificationFlow::PathNode source, DecodeWithoutVerificationFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and - isVulnerable(cfg, source.getNode(), sink.getNode()) + DecodeWithoutVerificationFlow::flowPath(source, sink) and + isVulnerable(source.getNode(), sink.getNode()) select source.getNode(), source, sink, "Decoding JWT $@.", sink.getNode(), "without signature verification" diff --git a/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql b/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql index 0e734f4c0c6..17e3f1f2fd9 100644 --- a/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql +++ b/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql 
@@ -12,24 +12,25 @@ */ import javascript -import DataFlow::PathGraph import DecompressionBombs -class BombConfiguration extends TaintTracking::Configuration { - BombConfiguration() { this = "DecompressionBombs" } +module DecompressionBombConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink } - override predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(DecompressionBomb::AdditionalTaintStep addstep | - addstep.isAdditionalTaintStep(pred, succ) + addstep.isAdditionalTaintStep(node1, node2) ) } } -from BombConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +module DecompressionBombFlow = TaintTracking::Global; + +import DecompressionBombFlow::PathGraph + +from DecompressionBombFlow::PathNode source, DecompressionBombFlow::PathNode sink +where DecompressionBombFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This Decompression depends on a $@.", source.getNode(), "potentially untrusted source" diff --git a/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.qll b/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.qll index 8a20fea499b..798e8c6f268 100644 --- a/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.qll +++ b/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.qll 
@@ -1,7 +1,6 @@ import javascript import experimental.semmle.javascript.FormParsers import experimental.semmle.javascript.ReadableStream -import DataFlow::PathGraph module DecompressionBomb { /** diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql index ce4d3f7791c..7ea1826bbfa 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql @@ -12,9 +12,9 @@ import javascript import SSRF -import DataFlow::PathGraph +import SsrfFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from SsrfFlow::PathNode source, SsrfFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() + SsrfFlow::flowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() select sink, source, sink, "The URL of this request depends on a user-provided value." diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll index 95d46aad868..690c673401d 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll 
@@ -2,42 +2,41 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryCustomizations import semmle.javascript.security.dataflow.UrlConcatenation -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SSRF" } +module SsrfConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } - override predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } + predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } - override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof RequestForgery::Sanitizer + predicate isBarrier(DataFlow::Node node) { + node instanceof RequestForgery::Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } private predicate hasSanitizingSubstring(DataFlow::Node nd) { nd.getStringValue().regexpMatch(".*[?#].*") or - this.hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) + hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) or - this.hasSanitizingSubstring(nd.getAPredecessor()) + hasSanitizingSubstring(nd.getAPredecessor()) } private predicate strictSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) { exists(DataFlow::Node operator, int n | StringConcatenation::taintStep(source, sink, operator, n) and - this.hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1])) + hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. 
n - 1])) ) } - override predicate isSanitizerOut(DataFlow::Node node) { - this.strictSanitizingPrefixEdge(node, _) - } + predicate isBarrierOut(DataFlow::Node node) { strictSanitizingPrefixEdge(node, _) } +} - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) { - nd instanceof IntegerCheck or - nd instanceof ValidatorCheck or - nd instanceof TernaryOperatorSanitizerGuard - } +module SsrfFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SsrfFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SSRF" } } /** @@ -56,14 +55,14 @@ class Configuration extends TaintTracking::Configuration { class TernaryOperatorSanitizer extends RequestForgery::Sanitizer { TernaryOperatorSanitizer() { exists( - TaintTracking::SanitizerGuardNode guard, IfStmt ifStmt, DataFlow::Node taintedInput, + TaintTracking::AdditionalBarrierGuard guard, IfStmt ifStmt, DataFlow::Node taintedInput, boolean outcome, Stmt r, DataFlow::Node falseNode | ifStmt.getCondition().flow().getAPredecessor+() = guard and ifStmt.getCondition().flow().getAPredecessor+() = falseNode and falseNode.asExpr().(BooleanLiteral).mayHaveBooleanValue(false) and not ifStmt.getCondition() instanceof LogicalBinaryExpr and - guard.sanitizes(outcome, taintedInput.asExpr()) and + guard.blocksExpr(outcome, taintedInput.asExpr()) and ( outcome = true and r = ifStmt.getThen() and not ifStmt.getCondition() instanceof LogNotExpr or @@ -81,6 +80,12 @@ class TernaryOperatorSanitizer extends RequestForgery::Sanitizer { } } +/** A barrier guard for this SSRF query. */ +abstract class BarrierGuard extends DataFlow::Node { + /** Holds if flow through `e` should be blocked, provided this evaluates to `outcome`. */ + abstract predicate blocksExpr(boolean outcome, Expr e); +} + /** * This sanitizer guard is another way of modeling the example from above * In this case: 
@@ -95,8 +100,8 @@ class TernaryOperatorSanitizer extends RequestForgery::Sanitizer { * Thats why we model this sanitizer guard which says that * the result of the ternary operator execution is a sanitizer guard. */ -class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { - TaintTracking::SanitizerGuardNode originalGuard; +class TernaryOperatorSanitizerGuard extends BarrierGuard { + TaintTracking::AdditionalBarrierGuard originalGuard; TernaryOperatorSanitizerGuard() { this.getAPredecessor+().asExpr().(BooleanLiteral).mayHaveBooleanValue(false) and @@ -104,13 +109,13 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { not this.asExpr() instanceof LogicalBinaryExpr } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { not this.asExpr() instanceof LogNotExpr and - originalGuard.sanitizes(outcome, e) + originalGuard.blocksExpr(outcome, e) or exists(boolean originalOutcome | this.asExpr() instanceof LogNotExpr and - originalGuard.sanitizes(originalOutcome, e) and + originalGuard.blocksExpr(originalOutcome, e) and ( originalOutcome = true and outcome = false or @@ -123,10 +128,10 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { /** * A call to Number.isInteger seen as a sanitizer guard because a number can't be used to exploit a SSRF. */ -class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { +class IntegerCheck extends DataFlow::CallNode, BarrierGuard { IntegerCheck() { this = DataFlow::globalVarRef("Number").getAMemberCall("isInteger") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } 
@@ -137,7 +142,7 @@ class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode * validator is a library which has a variety of input-validation functions. We are interesed in * checking that source is a number (any type of number) or an alphanumeric value. */ -class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { +class ValidatorCheck extends DataFlow::CallNode, BarrierGuard { ValidatorCheck() { exists(DataFlow::SourceNode mod, string method | mod = DataFlow::moduleImport("validator") and @@ -149,7 +154,7 @@ class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNo ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } diff --git a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql index e82d0e85ade..87db66ad98d 100644 --- a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql +++ b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql @@ -12,9 +12,10 @@ import javascript import CorsPermissiveConfigurationQuery -import DataFlow::PathGraph +import CorsPermissiveConfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from + CorsPermissiveConfigurationFlow::PathNode source, CorsPermissiveConfigurationFlow::PathNode sink +where CorsPermissiveConfigurationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "CORS Origin misconfiguration due to a $@.", source.getNode(), "too permissive or user controlled value" 
diff --git a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll index 103872847a0..8876373a3d2 100644 --- a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll +++ b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll @@ -10,6 +10,45 @@ import Apollo::Apollo /** Module containing sources, sinks, and sanitizers for overly permissive CORS configurations. */ module CorsPermissiveConfiguration { + private newtype TFlowState = + TTaint() or + TTrueOrNull() or + TWildcard() + + /** A flow state to asociate with a tracked value. */ + class FlowState extends TFlowState { + /** Gets a string representation of this flow state. */ + string toString() { + this = TTaint() and result = "taint" + or + this = TTrueOrNull() and result = "true-or-null" + or + this = TWildcard() and result = "wildcard" + } + + deprecated DataFlow::FlowLabel toFlowLabel() { + this = TTaint() and result.isTaint() + or + this = TTrueOrNull() and result instanceof TrueAndNull + or + this = TWildcard() and result instanceof Wildcard + } + } + + /** Predicates for working with flow states. */ + module FlowState { + deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label } + + /** A tainted value. */ + FlowState taint() { result = TTaint() } + + /** A `true` or `null` value. */ + FlowState trueOrNull() { result = TTrueOrNull() } + + /** A `"*"` value. */ + FlowState wildcard() { result = TWildcard() } + } + /** * A data flow source for permissive CORS configuration. */ 
@@ -38,18 +77,18 @@ module CorsPermissiveConfiguration { } /** A flow label representing `true` and `null` values. */ - abstract class TrueAndNull extends DataFlow::FlowLabel { + abstract deprecated class TrueAndNull extends DataFlow::FlowLabel { TrueAndNull() { this = "TrueAndNull" } } - TrueAndNull truenullLabel() { any() } + deprecated TrueAndNull truenullLabel() { any() } /** A flow label representing `*` value. */ - abstract class Wildcard extends DataFlow::FlowLabel { + abstract deprecated class Wildcard extends DataFlow::FlowLabel { Wildcard() { this = "Wildcard" } } - Wildcard wildcardLabel() { any() } + deprecated Wildcard wildcardLabel() { any() } /** An overly permissive value for `origin` (Apollo) */ class TrueNullValue extends Source { diff --git a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationQuery.qll b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationQuery.qll index 4d56365aafe..bddc732dea2 100644 --- a/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationQuery.qll +++ b/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationQuery.qll 
@@ -10,37 +10,58 @@ import javascript import CorsPermissiveConfigurationCustomizations::CorsPermissiveConfiguration +private import CorsPermissiveConfigurationCustomizations::CorsPermissiveConfiguration as CorsPermissiveConfiguration /** * A data flow configuration for overly permissive CORS configuration. */ -class Configuration extends TaintTracking::Configuration { +module CorsPermissiveConfigurationConfig implements DataFlow::StateConfigSig { + class FlowState = CorsPermissiveConfiguration::FlowState; + + predicate isSource(DataFlow::Node source, FlowState state) { + source instanceof TrueNullValue and state = FlowState::trueOrNull() + or + source instanceof WildcardValue and state = FlowState::wildcard() + or + source instanceof RemoteFlowSource and state = FlowState::taint() + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + sink instanceof CorsApolloServer and state = [FlowState::taint(), FlowState::trueOrNull()] + or + sink instanceof ExpressCors and state = [FlowState::taint(), FlowState::wildcard()] + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +module CorsPermissiveConfigurationFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `CorsPermissiveConfigurationFlow` module instead. 
+ */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CorsPermissiveConfiguration" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source instanceof TrueNullValue and label = truenullLabel() - or - source instanceof WildcardValue and label = wildcardLabel() - or - source instanceof RemoteFlowSource and label = DataFlow::FlowLabel::taint() + CorsPermissiveConfigurationConfig::isSource(source, FlowState::fromFlowLabel(label)) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof CorsApolloServer and label = [DataFlow::FlowLabel::taint(), truenullLabel()] - or - sink instanceof ExpressCors and label = [DataFlow::FlowLabel::taint(), wildcardLabel()] + CorsPermissiveConfigurationConfig::isSink(sink, FlowState::fromFlowLabel(label)) } override predicate isSanitizer(DataFlow::Node node) { super.isSanitizer(node) or - node instanceof Sanitizer + CorsPermissiveConfigurationConfig::isBarrier(node) } } -private class WildcardActivated extends DataFlow::FlowLabel, Wildcard { +deprecated private class WildcardActivated extends DataFlow::FlowLabel, Wildcard { WildcardActivated() { this = this } } -private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull { +deprecated private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull { TrueAndNullActivated() { this = this } } diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index dff26536319..4bf06b54447 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
@@ -12,11 +12,15 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where + ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql index b21c86fc50a..f59de018f8b 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql 
@@ -16,17 +16,17 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() and diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql index e93cd7e6ca5..2db4b18e570 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import DomBasedXssFlow::PathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from DomBasedXssFlow::PathNode source, DomBasedXssFlow::PathNode sink +where DomBasedXssFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql index e82b9d40d5b..b8928021085 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql @@ -15,18 +15,24 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql index 89d7d253f41..34ebe06f68c 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql 
+++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql @@ -17,10 +17,10 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql index 534de916772..8d9eca39be5 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql @@ -13,11 +13,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery import semmle.javascript.heuristics.AdditionalSources +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql index 883f8292c75..8ba7a1273ea 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -13,10 +13,11 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where + TaintedFormatStringFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 3448e4e99b6..02677fd6a9e 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql 
@@ -15,11 +15,12 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where + CorsMisconfigurationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql index fd707ae8faa..7118c49f2e2 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where + RemotePropertyInjectionFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 24939f49b0d..8acde1f396e 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -14,10 +14,11 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where + UnsafeDeserializationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql index cbfaa33ca51..262c9d52fe0 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql 
@@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql index 0a00511c86b..c7cd82938cc 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql index de302e53871..b0e761257cb 100644 
--- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql @@ -16,10 +16,10 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql index 37e702b55e0..9b37ce896d1 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql 
@@ -14,11 +14,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery import semmle.javascript.heuristics.AdditionalSources +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql index 1c05ba2424f..dacaa08a1b2 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql index 6fe3ff742f3..2980b78e1d1 100644 
--- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -14,13 +14,15 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) and + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index eae399ea00f..2b619f0614e 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql 
@@ -20,11 +20,15 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import PrototypePollutingAssignmentFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/experimental/poi/PoI.qll b/javascript/ql/src/experimental/poi/PoI.qll index 9539459c60b..10d5ab06072 100644 --- a/javascript/ql/src/experimental/poi/PoI.qll +++ b/javascript/ql/src/experimental/poi/PoI.qll 
@@ -133,44 +133,6 @@ private module StandardPoIs { override predicate is(Node l0) { l0 instanceof RemoteFlowSource } } - /** - * A "source" for any active configuration. - */ - class SourcePoI extends PoI { - SourcePoI() { this = "SourcePoI" } - - override predicate is(Node l0) { - exists(Configuration cfg | cfg.isSource(l0) or cfg.isSource(l0, _)) - } - } - - /** - * A "sink" for any active configuration. - */ - class SinkPoI extends PoI { - SinkPoI() { this = "SinkPoI" } - - override predicate is(Node l0) { - exists(Configuration cfg | cfg.isSink(l0) or cfg.isSink(l0, _)) - } - } - - /** - * A "barrier" for any active configuration. - */ - class BarrierPoI extends PoI { - BarrierPoI() { this = "BarrierPoI" } - - override predicate is(Node l0) { - exists(Configuration cfg | - cfg.isBarrier(l0) or - cfg.isBarrierEdge(l0, _) or - cfg.isBarrierEdge(l0, _, _) or - cfg.isLabeledBarrier(l0, _) - ) - } - } - /** * Provides groups of often used points of interest. */ @@ -185,16 +147,6 @@ private module StandardPoIs { this instanceof UnpromotedRouteHandlerWithFlowPoI } } - - /** - * A configuration-related point of interest. - */ - class DataFlowConfigurationPoI extends PoI { - DataFlowConfigurationPoI() { - this instanceof SourcePoI or - this instanceof SinkPoI - } - } } import StandardPoIGroups diff --git a/javascript/ql/src/meta/alerts/TaintedNodes.ql b/javascript/ql/src/meta/alerts/TaintedNodes.ql index 6bdd0a6bc30..da9f7bab6f4 100644 --- a/javascript/ql/src/meta/alerts/TaintedNodes.ql +++ b/javascript/ql/src/meta/alerts/TaintedNodes.ql 
@@ -12,20 +12,20 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } +module BasicTaintFlow = TaintTracking::Global; + // Avoid linking to the source as this would upset the statistics: nodes reachable -// from multiple sources would be counted multilpe times, and that's not what we intend to measure. +// from multiple sources would be counted multiple times, and that's not what we intend to measure. from DataFlow::Node node -where any(BasicTaintConfiguration cfg).hasFlow(_, node) +where BasicTaintFlow::flowTo(node) select node, "Tainted node" diff --git a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql index a477c8af8a9..f99d3b9a391 100644 --- a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql +++ b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql 
@@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } + predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql index e57d562aebb..7786fce5ece 100644 --- a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql +++ b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql @@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - override predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - - override predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } + predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) 
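Review bot: In the SinksReachableFromSanitizer.ql hunk, the added alias reads `module BasicTaintFlow = TaintTracking::Global;` with no module argument, so `BasicTaintConfig` is declared but never passed to the taint-tracking library. The alias should instantiate the parameterized module with the config, i.e. `TaintTracking::Global<BasicTaintConfig>`, and the identical line in the SanitizersReachableFromSource.ql hunk just above needs the same fix. Since this module's `isSource` is `relevantSanitizerOutput()` rather than a taint source, a one-line QLDoc comment on the module saying what it measures would also help, because the name `BasicTaintConfig` is reused unchanged across these metric queries.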
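Review bot: In the PrototypePollutingAssignment.ql hunk (heuristics, CWE-915), the new `where` clause adds `not isIgnoredLibraryFlow(source.getNode(), sink.getNode())`, which has no counterpart in the removed `cfg.hasFlowPath(source, sink)` line, so this is more than a mechanical rename. The hunk does not show where `isIgnoredLibraryFlow` comes from or whether the old `Configuration` applied the same filter internally. Please say so in the commit message or a comment next to the conjunct, so a reader can tell that the heuristic query's result set is meant to stay the same and that findings are not being dropped silently.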
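Review bot: In the PoI.qll hunks, `SourcePoI`, `SinkPoI`, `BarrierPoI` and the `DataFlowConfigurationPoI` group are deleted outright, with no `deprecated` stub or replacement, and the three PoI tests that extend `DataFlowConfigurationPoI` are deleted later in this patch rather than ported. Any user query that does `class X extends DataFlowConfigurationPoI, ActivePoI` will stop compiling after this change. If the classes cannot be expressed over `DataFlow::ConfigSig` modules, please add a change note that says so and names what users should do instead, since the removed QLDoc ("A "source" for any active configuration") was the only description of this feature visible in the file.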
diff --git a/javascript/ql/src/meta/analysis-quality/TaintSteps.ql b/javascript/ql/src/meta/analysis-quality/TaintSteps.ql index be16675f849..5c2cfcf1b80 100644 --- a/javascript/ql/src/meta/analysis-quality/TaintSteps.ql +++ b/javascript/ql/src/meta/analysis-quality/TaintSteps.ql @@ -17,8 +17,6 @@ predicate relevantStep(DataFlow::Node pred, DataFlow::Node succ) { or DataFlow::SharedFlowStep::step(pred, succ) or - DataFlow::SharedFlowStep::step(pred, succ, _, _) - or DataFlow::SharedFlowStep::loadStep(pred, succ, _) or DataFlow::SharedFlowStep::storeStep(pred, succ, _) diff --git a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql index 208a39b9ab1..7b2dfbbf642 100644 --- a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql +++ b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql @@ -12,16 +12,16 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql b/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql index d1a4ae1d099..42968289705 100644 
--- a/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql +++ b/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql @@ -24,8 +24,6 @@ predicate unmodeled(API::Node callee, API::CallNode call, DataFlow::Node pred, D or DataFlow::SharedFlowStep::step(_, succ) or - DataFlow::SharedFlowStep::step(_, succ, _, _) - or DataFlow::SharedFlowStep::loadStep(_, succ, _) or DataFlow::SharedFlowStep::storeStep(_, succ, _) diff --git a/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.expected b/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.expected index bbd62023e24..4cd0cf23378 100644 --- a/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.expected +++ b/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.expected 
@@ -1,212 +1,98 @@ -nodes -| busybus.js:9:30:9:33 | file | -| busybus.js:9:30:9:33 | file | -| busybus.js:9:36:9:39 | info | -| busybus.js:9:36:9:39 | info | -| busybus.js:10:19:10:50 | { filen ... eType } | -| busybus.js:10:19:10:57 | encoding | -| busybus.js:10:19:10:57 | filename | -| busybus.js:10:19:10:57 | mimeType | -| busybus.js:10:21:10:28 | filename | -| busybus.js:10:31:10:38 | encoding | -| busybus.js:10:41:10:48 | mimeType | -| busybus.js:10:54:10:57 | info | -| busybus.js:12:18:12:25 | filename | -| busybus.js:12:18:12:25 | filename | -| busybus.js:12:28:12:35 | encoding | -| busybus.js:12:28:12:35 | encoding | -| busybus.js:12:38:12:45 | mimeType | -| busybus.js:12:38:12:45 | mimeType | -| busybus.js:13:23:13:23 | z | -| busybus.js:13:31:13:36 | sink() | -| busybus.js:13:31:13:36 | sink() | -| busybus.js:15:30:15:33 | data | -| busybus.js:15:30:15:33 | data | -| busybus.js:16:22:16:25 | data | -| busybus.js:16:22:16:25 | data | -| busybus.js:22:25:22:42 | data | -| busybus.js:22:32:22:42 | this.read() | -| busybus.js:22:32:22:42 | this.read() | -| busybus.js:23:26:23:29 | data | -| busybus.js:23:26:23:29 | data | -| busybus.js:27:25:27:28 | name | -| busybus.js:27:25:27:28 | name | -| busybus.js:27:31:27:33 | val | -| busybus.js:27:31:27:33 | val | -| busybus.js:27:36:27:39 | info | -| busybus.js:27:36:27:39 | info | -| busybus.js:28:18:28:21 | name | -| busybus.js:28:18:28:21 | name | -| busybus.js:28:24:28:26 | val | -| busybus.js:28:24:28:26 | val | -| busybus.js:28:29:28:32 | info | -| busybus.js:28:29:28:32 | info | -| dicer.js:12:23:12:26 | part | -| dicer.js:12:23:12:26 | part | -| dicer.js:13:19:13:24 | sink() | -| dicer.js:13:19:13:24 | sink() | -| dicer.js:14:28:14:33 | header | -| dicer.js:14:28:14:33 | header | -| dicer.js:16:22:16:27 | header | -| dicer.js:16:22:16:30 | header[h] | -| dicer.js:16:22:16:30 | header[h] | -| dicer.js:19:26:19:29 | data | -| dicer.js:19:26:19:29 | data | -| dicer.js:20:18:20:21 | data | -| 
dicer.js:20:18:20:21 | data | -| formidable.js:7:11:7:25 | [fields, files] | -| formidable.js:7:11:7:49 | fields | -| formidable.js:7:11:7:49 | files | -| formidable.js:7:12:7:17 | fields | -| formidable.js:7:20:7:24 | files | -| formidable.js:7:29:7:49 | await f ... se(req) | -| formidable.js:7:35:7:49 | form.parse(req) | -| formidable.js:7:35:7:49 | form.parse(req) | -| formidable.js:8:10:8:15 | fields | -| formidable.js:8:10:8:15 | fields | -| formidable.js:8:18:8:22 | files | -| formidable.js:8:18:8:22 | files | -| formidable.js:9:27:9:34 | formname | -| formidable.js:9:27:9:34 | formname | -| formidable.js:9:37:9:40 | file | -| formidable.js:9:37:9:40 | file | -| formidable.js:10:14:10:21 | formname | -| formidable.js:10:14:10:21 | formname | -| formidable.js:10:24:10:27 | file | -| formidable.js:10:24:10:27 | file | -| formidable.js:12:22:12:29 | formname | -| formidable.js:12:22:12:29 | formname | -| formidable.js:12:32:12:35 | file | -| formidable.js:12:32:12:35 | file | -| formidable.js:13:14:13:21 | formname | -| formidable.js:13:14:13:21 | formname | -| formidable.js:13:24:13:27 | file | -| formidable.js:13:24:13:27 | file | -| formidable.js:15:23:15:31 | fieldName | -| formidable.js:15:23:15:31 | fieldName | -| formidable.js:15:34:15:43 | fieldValue | -| formidable.js:15:34:15:43 | fieldValue | -| formidable.js:16:14:16:22 | fieldName | -| formidable.js:16:14:16:22 | fieldName | -| formidable.js:16:25:16:34 | fieldValue | -| formidable.js:16:25:16:34 | fieldValue | -| multiparty.js:8:22:8:25 | part | -| multiparty.js:8:22:8:25 | part | -| multiparty.js:9:14:9:17 | part | -| multiparty.js:9:14:9:17 | part | -| multiparty.js:10:19:10:24 | sink() | -| multiparty.js:10:19:10:24 | sink() | -| multiparty.js:14:37:14:42 | fields | -| multiparty.js:14:37:14:42 | fields | -| multiparty.js:14:45:14:49 | files | -| multiparty.js:14:45:14:49 | files | -| multiparty.js:15:14:15:19 | fields | -| multiparty.js:15:14:15:19 | fields | -| multiparty.js:15:22:15:26 | 
files | -| multiparty.js:15:22:15:26 | files | edges -| busybus.js:9:30:9:33 | file | busybus.js:13:23:13:23 | z | -| busybus.js:9:30:9:33 | file | busybus.js:13:23:13:23 | z | -| busybus.js:9:36:9:39 | info | busybus.js:10:54:10:57 | info | -| busybus.js:9:36:9:39 | info | busybus.js:10:54:10:57 | info | -| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:21:10:28 | filename | -| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:31:10:38 | encoding | -| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:41:10:48 | mimeType | -| busybus.js:10:19:10:57 | encoding | busybus.js:12:28:12:35 | encoding | -| busybus.js:10:19:10:57 | encoding | busybus.js:12:28:12:35 | encoding | -| busybus.js:10:19:10:57 | filename | busybus.js:12:18:12:25 | filename | -| busybus.js:10:19:10:57 | filename | busybus.js:12:18:12:25 | filename | -| busybus.js:10:19:10:57 | mimeType | busybus.js:12:38:12:45 | mimeType | -| busybus.js:10:19:10:57 | mimeType | busybus.js:12:38:12:45 | mimeType | -| busybus.js:10:21:10:28 | filename | busybus.js:10:19:10:57 | filename | -| busybus.js:10:31:10:38 | encoding | busybus.js:10:19:10:57 | encoding | -| busybus.js:10:41:10:48 | mimeType | busybus.js:10:19:10:57 | mimeType | -| busybus.js:10:54:10:57 | info | busybus.js:10:19:10:50 | { filen ... 
eType } | -| busybus.js:13:23:13:23 | z | busybus.js:13:31:13:36 | sink() | -| busybus.js:13:23:13:23 | z | busybus.js:13:31:13:36 | sink() | -| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | -| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | -| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | -| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | -| busybus.js:22:25:22:42 | data | busybus.js:23:26:23:29 | data | -| busybus.js:22:25:22:42 | data | busybus.js:23:26:23:29 | data | -| busybus.js:22:32:22:42 | this.read() | busybus.js:22:25:22:42 | data | -| busybus.js:22:32:22:42 | this.read() | busybus.js:22:25:22:42 | data | -| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | -| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | -| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | -| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | -| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | -| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | -| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | -| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | -| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | -| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | -| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | -| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | -| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | -| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | -| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | -| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | -| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header | -| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header | -| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] | -| dicer.js:16:22:16:27 | header | 
dicer.js:16:22:16:30 | header[h] | -| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | -| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | -| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | -| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | -| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:12:7:17 | fields | -| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:20:7:24 | files | -| formidable.js:7:11:7:49 | fields | formidable.js:8:10:8:15 | fields | -| formidable.js:7:11:7:49 | fields | formidable.js:8:10:8:15 | fields | -| formidable.js:7:11:7:49 | files | formidable.js:8:18:8:22 | files | -| formidable.js:7:11:7:49 | files | formidable.js:8:18:8:22 | files | -| formidable.js:7:12:7:17 | fields | formidable.js:7:11:7:49 | fields | -| formidable.js:7:20:7:24 | files | formidable.js:7:11:7:49 | files | -| formidable.js:7:29:7:49 | await f ... se(req) | formidable.js:7:11:7:25 | [fields, files] | -| formidable.js:7:35:7:49 | form.parse(req) | formidable.js:7:29:7:49 | await f ... se(req) | -| formidable.js:7:35:7:49 | form.parse(req) | formidable.js:7:29:7:49 | await f ... 
se(req) | -| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | -| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | -| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | -| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | -| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | -| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | -| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | -| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | -| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | -| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | -| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | -| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | -| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | -| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | -| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | -| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | -| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | -| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | -| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | -| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | -| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | -| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | -| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | -| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | -| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part | -| multiparty.js:8:22:8:25 | 
part | multiparty.js:9:14:9:17 | part | -| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part | -| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part | -| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | -| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | -| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | -| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | -| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | -| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | -| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | -| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | -| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | -| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | -| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | -| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | +| busybus.js:9:30:9:33 | file | busybus.js:13:23:13:23 | z | provenance | | +| busybus.js:9:36:9:39 | info | busybus.js:10:54:10:57 | info | provenance | | +| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:19:10:57 | encoding | provenance | | +| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:19:10:57 | filename | provenance | | +| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:19:10:57 | mimeType | provenance | | +| busybus.js:10:19:10:57 | encoding | busybus.js:12:28:12:35 | encoding | provenance | | +| busybus.js:10:19:10:57 | filename | busybus.js:12:18:12:25 | filename | provenance | | +| busybus.js:10:19:10:57 | mimeType | busybus.js:12:38:12:45 | mimeType | provenance | | +| busybus.js:10:54:10:57 | info | busybus.js:10:19:10:50 | { filen ... 
eType } | provenance | | +| busybus.js:13:23:13:23 | z | busybus.js:13:31:13:36 | sink() | provenance | | +| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | provenance | | +| busybus.js:22:25:22:42 | data | busybus.js:23:26:23:29 | data | provenance | | +| busybus.js:22:32:22:42 | this.read() | busybus.js:22:25:22:42 | data | provenance | | +| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | provenance | | +| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | provenance | | +| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | provenance | | +| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | provenance | | +| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header | provenance | | +| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] | provenance | | +| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | provenance | | +| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:11:7:49 | fields | provenance | | +| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:11:7:49 | files | provenance | | +| formidable.js:7:11:7:49 | fields | formidable.js:8:10:8:15 | fields | provenance | | +| formidable.js:7:11:7:49 | files | formidable.js:8:18:8:22 | files | provenance | | +| formidable.js:7:29:7:49 | await f ... se(req) | formidable.js:7:11:7:25 | [fields, files] | provenance | | +| formidable.js:7:35:7:49 | form.parse(req) | formidable.js:7:29:7:49 | await f ... 
se(req) | provenance | | +| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | provenance | | +| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | provenance | | +| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | provenance | | +| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | provenance | | +| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | provenance | | +| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | provenance | | +| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part | provenance | | +| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | provenance | | +| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | provenance | | +| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | provenance | | +nodes +| busybus.js:9:30:9:33 | file | semmle.label | file | +| busybus.js:9:36:9:39 | info | semmle.label | info | +| busybus.js:10:19:10:50 | { filen ... eType } | semmle.label | { filen ... 
eType } | +| busybus.js:10:19:10:57 | encoding | semmle.label | encoding | +| busybus.js:10:19:10:57 | filename | semmle.label | filename | +| busybus.js:10:19:10:57 | mimeType | semmle.label | mimeType | +| busybus.js:10:54:10:57 | info | semmle.label | info | +| busybus.js:12:18:12:25 | filename | semmle.label | filename | +| busybus.js:12:28:12:35 | encoding | semmle.label | encoding | +| busybus.js:12:38:12:45 | mimeType | semmle.label | mimeType | +| busybus.js:13:23:13:23 | z | semmle.label | z | +| busybus.js:13:31:13:36 | sink() | semmle.label | sink() | +| busybus.js:15:30:15:33 | data | semmle.label | data | +| busybus.js:16:22:16:25 | data | semmle.label | data | +| busybus.js:22:25:22:42 | data | semmle.label | data | +| busybus.js:22:32:22:42 | this.read() | semmle.label | this.read() | +| busybus.js:23:26:23:29 | data | semmle.label | data | +| busybus.js:27:25:27:28 | name | semmle.label | name | +| busybus.js:27:31:27:33 | val | semmle.label | val | +| busybus.js:27:36:27:39 | info | semmle.label | info | +| busybus.js:28:18:28:21 | name | semmle.label | name | +| busybus.js:28:24:28:26 | val | semmle.label | val | +| busybus.js:28:29:28:32 | info | semmle.label | info | +| dicer.js:12:23:12:26 | part | semmle.label | part | +| dicer.js:13:19:13:24 | sink() | semmle.label | sink() | +| dicer.js:14:28:14:33 | header | semmle.label | header | +| dicer.js:16:22:16:27 | header | semmle.label | header | +| dicer.js:16:22:16:30 | header[h] | semmle.label | header[h] | +| dicer.js:19:26:19:29 | data | semmle.label | data | +| dicer.js:20:18:20:21 | data | semmle.label | data | +| formidable.js:7:11:7:25 | [fields, files] | semmle.label | [fields, files] | +| formidable.js:7:11:7:49 | fields | semmle.label | fields | +| formidable.js:7:11:7:49 | files | semmle.label | files | +| formidable.js:7:29:7:49 | await f ... se(req) | semmle.label | await f ... 
se(req) | +| formidable.js:7:35:7:49 | form.parse(req) | semmle.label | form.parse(req) | +| formidable.js:8:10:8:15 | fields | semmle.label | fields | +| formidable.js:8:18:8:22 | files | semmle.label | files | +| formidable.js:9:27:9:34 | formname | semmle.label | formname | +| formidable.js:9:37:9:40 | file | semmle.label | file | +| formidable.js:10:14:10:21 | formname | semmle.label | formname | +| formidable.js:10:24:10:27 | file | semmle.label | file | +| formidable.js:12:22:12:29 | formname | semmle.label | formname | +| formidable.js:12:32:12:35 | file | semmle.label | file | +| formidable.js:13:14:13:21 | formname | semmle.label | formname | +| formidable.js:13:24:13:27 | file | semmle.label | file | +| formidable.js:15:23:15:31 | fieldName | semmle.label | fieldName | +| formidable.js:15:34:15:43 | fieldValue | semmle.label | fieldValue | +| formidable.js:16:14:16:22 | fieldName | semmle.label | fieldName | +| formidable.js:16:25:16:34 | fieldValue | semmle.label | fieldValue | +| multiparty.js:8:22:8:25 | part | semmle.label | part | +| multiparty.js:9:14:9:17 | part | semmle.label | part | +| multiparty.js:10:19:10:24 | sink() | semmle.label | sink() | +| multiparty.js:14:37:14:42 | fields | semmle.label | fields | +| multiparty.js:14:45:14:49 | files | semmle.label | files | +| multiparty.js:15:14:15:19 | fields | semmle.label | fields | +| multiparty.js:15:22:15:26 | files | semmle.label | files | +subpaths #select | busybus.js:12:18:12:25 | filename | busybus.js:9:36:9:39 | info | busybus.js:12:18:12:25 | filename | This entity depends on a $@. | busybus.js:9:36:9:39 | info | user-provided value | | busybus.js:12:28:12:35 | encoding | busybus.js:9:36:9:39 | info | busybus.js:12:28:12:35 | encoding | This entity depends on a $@. | busybus.js:9:36:9:39 | info | user-provided value | 
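Review bot: In RemoteFlowSource.expected the regenerated `nodes` and `edges` sections are not just de-duplicated; the destructuring-pattern property nodes such as `busybus.js:10:21:10:28 | filename` and `formidable.js:7:12:7:17 | fields` disappear, and the object pattern now steps straight to `busybus.js:10:19:10:57 | filename`. The only evidence in this hunk that no alert was lost is that the visible `#select` rows are unchanged context lines. Please note in the commit message that the shorter paths, the new `provenance` column and the empty `subpaths` section are the expected path-graph output of `TestFlow::PathGraph`, and confirm that the remaining `#select` rows outside this hunk are also unchanged, so that this test still guards the form-parser sources against silent flow loss.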
diff --git a/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql b/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql index ab526eeb54a..bdc52a60b96 100644 --- a/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql +++ b/javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql @@ -11,24 +11,25 @@ */ import javascript -import DataFlow::PathGraph import experimental.semmle.javascript.FormParsers /** * A taint-tracking configuration for test */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "RemoteFlowSourcesOUserForm" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = API::moduleImport("sink").getAParameter().asSink() or sink = API::moduleImport("sink").getReturn().asSource() } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +module TestFlow = TaintTracking::Global; + +import TestFlow::PathGraph + +from TestFlow::PathNode source, TestFlow::PathNode sink +where TestFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This entity depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.expected b/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.expected deleted file mode 100644 index 76ec9dc360b..00000000000 --- a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.expected +++ /dev/null 
@@ -1,4 +0,0 @@ -| tst.js:16:15:16:25 | req.query.x | SourcePoI | tst.js:16:15:16:25 | req.query.x | irrelevant | tst.js:16:15:16:25 | req.query.x | irrelevant | -| tst.js:17:11:17:21 | req.query.x | SinkPoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant | -| tst.js:17:11:17:21 | req.query.x | SourcePoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant | -| tst.js:18:12:18:22 | req.query.x | SourcePoI | tst.js:18:12:18:22 | req.query.x | irrelevant | tst.js:18:12:18:22 | req.query.x | irrelevant | diff --git a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql deleted file mode 100644 index 5ea8c17fc28..00000000000 --- a/javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql +++ /dev/null @@ -1,13 +0,0 @@ -/** - * @kind problem - */ - -import javascript -import experimental.poi.PoI -import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection -import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection -import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment - -class MyDataFlowConfigurationPoIs extends DataFlowConfigurationPoI, ActivePoI { } - -query predicate problems = alertQuery/6; diff --git a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.expected b/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.expected deleted file mode 100644 index 7de2d09cd54..00000000000 --- a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.expected +++ /dev/null 
@@ -1,6 +0,0 @@ -| tst.js:1:23:1:31 | "express" | SinkPoI | tst.js:1:23:1:31 | "express" | irrelevant | tst.js:1:23:1:31 | "express" | irrelevant | -| tst.js:2:16:2:19 | "fs" | SinkPoI | tst.js:2:16:2:19 | "fs" | irrelevant | tst.js:2:16:2:19 | "fs" | irrelevant | -| tst.js:3:16:3:30 | "child_process" | SinkPoI | tst.js:3:16:3:30 | "child_process" | irrelevant | tst.js:3:16:3:30 | "child_process" | irrelevant | -| tst.js:16:15:16:25 | req.query.x | SourcePoI | tst.js:16:15:16:25 | req.query.x | irrelevant | tst.js:16:15:16:25 | req.query.x | irrelevant | -| tst.js:17:11:17:21 | req.query.x | SourcePoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant | -| tst.js:18:12:18:22 | req.query.x | SourcePoI | tst.js:18:12:18:22 | req.query.x | irrelevant | tst.js:18:12:18:22 | req.query.x | irrelevant | diff --git a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql deleted file mode 100644 index 784abb7e85b..00000000000 --- a/javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql +++ /dev/null @@ -1,11 +0,0 @@ -/** - * @kind problem - */ - -import javascript -import experimental.poi.PoI -import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPath - -class MyDataflowRelatedPoIs extends DataFlowConfigurationPoI, ActivePoI { } - -query predicate problems = alertQuery/6; diff --git a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.expected b/javascript/ql/test/experimental/PoI/XssPoIConfiguration.expected deleted file mode 100644 index dca2edaef2b..00000000000 --- a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.expected +++ /dev/null 
@@ -1,4 +0,0 @@ -| tst.js:16:15:16:25 | req.query.x | SourcePoI | tst.js:16:15:16:25 | req.query.x | irrelevant | tst.js:16:15:16:25 | req.query.x | irrelevant | -| tst.js:17:11:17:21 | req.query.x | SourcePoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant | -| tst.js:18:12:18:22 | req.query.x | SinkPoI | tst.js:18:12:18:22 | req.query.x | irrelevant | tst.js:18:12:18:22 | req.query.x | irrelevant | -| tst.js:18:12:18:22 | req.query.x | SourcePoI | tst.js:18:12:18:22 | req.query.x | irrelevant | tst.js:18:12:18:22 | req.query.x | irrelevant | diff --git a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql b/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql deleted file mode 100644 index 05b43a06cd1..00000000000 --- a/javascript/ql/test/experimental/PoI/XssPoIConfiguration.ql +++ /dev/null @@ -1,14 +0,0 @@ -/** - * @kind problem - */ - -import javascript -import experimental.poi.PoI -import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss -import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss -import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss - -class MyDataFlowConfigurationPoIs extends DataFlowConfigurationPoI, ActivePoI { } - -query predicate problems = alertQuery/6; diff --git a/javascript/ql/test/experimental/Security/CWE-094-dataURL/CodeInjection.expected b/javascript/ql/test/experimental/Security/CWE-094-dataURL/CodeInjection.expected index 3a5963b4094..ab162e0b311 100644 --- a/javascript/ql/test/experimental/Security/CWE-094-dataURL/CodeInjection.expected +++ b/javascript/ql/test/experimental/Security/CWE-094-dataURL/CodeInjection.expected 
@@ -1,49 +1,38 @@ -nodes -| test.js:5:11:5:44 | payload | -| test.js:5:21:5:44 | req.que ... rameter | -| test.js:5:21:5:44 | req.que ... rameter | -| test.js:6:9:6:43 | payloadURL | -| test.js:6:22:6:43 | new URL ... + sth) | -| test.js:6:30:6:36 | payload | -| test.js:6:30:6:42 | payload + sth | -| test.js:7:16:7:25 | payloadURL | -| test.js:7:16:7:25 | payloadURL | -| test.js:9:5:9:39 | payloadURL | -| test.js:9:18:9:39 | new URL ... + sth) | -| test.js:9:26:9:32 | payload | -| test.js:9:26:9:38 | payload + sth | -| test.js:10:16:10:25 | payloadURL | -| test.js:10:16:10:25 | payloadURL | -| test.js:17:11:17:44 | payload | -| test.js:17:21:17:44 | req.que ... rameter | -| test.js:17:21:17:44 | req.que ... rameter | -| test.js:18:18:18:24 | payload | -| test.js:18:18:18:24 | payload | -| test.js:19:18:19:24 | payload | -| test.js:19:18:19:30 | payload + sth | -| test.js:19:18:19:30 | payload + sth | edges -| test.js:5:11:5:44 | payload | test.js:6:30:6:36 | payload | -| test.js:5:11:5:44 | payload | test.js:9:26:9:32 | payload | -| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload | -| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload | -| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL | -| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL | -| test.js:6:22:6:43 | new URL ... + sth) | test.js:6:9:6:43 | payloadURL | -| test.js:6:30:6:36 | payload | test.js:6:30:6:42 | payload + sth | -| test.js:6:30:6:42 | payload + sth | test.js:6:22:6:43 | new URL ... + sth) | -| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL | -| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL | -| test.js:9:18:9:39 | new URL ... + sth) | test.js:9:5:9:39 | payloadURL | -| test.js:9:26:9:32 | payload | test.js:9:26:9:38 | payload + sth | -| test.js:9:26:9:38 | payload + sth | test.js:9:18:9:39 | new URL ... 
+ sth) | -| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload | -| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload | -| test.js:17:11:17:44 | payload | test.js:19:18:19:24 | payload | -| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload | -| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload | -| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth | -| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth | +| test.js:5:11:5:44 | payload | test.js:6:30:6:36 | payload | provenance | | +| test.js:5:11:5:44 | payload | test.js:9:26:9:32 | payload | provenance | | +| test.js:5:21:5:44 | req.que ... rameter | test.js:5:11:5:44 | payload | provenance | | +| test.js:6:9:6:43 | payloadURL | test.js:7:16:7:25 | payloadURL | provenance | | +| test.js:6:22:6:43 | new URL ... + sth) | test.js:6:9:6:43 | payloadURL | provenance | | +| test.js:6:30:6:36 | payload | test.js:6:30:6:42 | payload + sth | provenance | | +| test.js:6:30:6:42 | payload + sth | test.js:6:22:6:43 | new URL ... + sth) | provenance | Config | +| test.js:9:5:9:39 | payloadURL | test.js:10:16:10:25 | payloadURL | provenance | | +| test.js:9:18:9:39 | new URL ... + sth) | test.js:9:5:9:39 | payloadURL | provenance | | +| test.js:9:26:9:32 | payload | test.js:9:26:9:38 | payload + sth | provenance | | +| test.js:9:26:9:38 | payload + sth | test.js:9:18:9:39 | new URL ... + sth) | provenance | Config | +| test.js:17:11:17:44 | payload | test.js:18:18:18:24 | payload | provenance | | +| test.js:17:11:17:44 | payload | test.js:19:18:19:24 | payload | provenance | | +| test.js:17:21:17:44 | req.que ... rameter | test.js:17:11:17:44 | payload | provenance | | +| test.js:19:18:19:24 | payload | test.js:19:18:19:30 | payload + sth | provenance | | +nodes +| test.js:5:11:5:44 | payload | semmle.label | payload | +| test.js:5:21:5:44 | req.que ... rameter | semmle.label | req.que ... 
rameter | +| test.js:6:9:6:43 | payloadURL | semmle.label | payloadURL | +| test.js:6:22:6:43 | new URL ... + sth) | semmle.label | new URL ... + sth) | +| test.js:6:30:6:36 | payload | semmle.label | payload | +| test.js:6:30:6:42 | payload + sth | semmle.label | payload + sth | +| test.js:7:16:7:25 | payloadURL | semmle.label | payloadURL | +| test.js:9:5:9:39 | payloadURL | semmle.label | payloadURL | +| test.js:9:18:9:39 | new URL ... + sth) | semmle.label | new URL ... + sth) | +| test.js:9:26:9:32 | payload | semmle.label | payload | +| test.js:9:26:9:38 | payload + sth | semmle.label | payload + sth | +| test.js:10:16:10:25 | payloadURL | semmle.label | payloadURL | +| test.js:17:11:17:44 | payload | semmle.label | payload | +| test.js:17:21:17:44 | req.que ... rameter | semmle.label | req.que ... rameter | +| test.js:18:18:18:24 | payload | semmle.label | payload | +| test.js:19:18:19:24 | payload | semmle.label | payload | +| test.js:19:18:19:30 | payload + sth | semmle.label | payload + sth | +subpaths #select | test.js:7:16:7:25 | payloadURL | test.js:5:21:5:44 | req.que ... rameter | test.js:7:16:7:25 | payloadURL | This command line depends on a $@. | test.js:5:21:5:44 | req.que ... rameter | user-provided value | | test.js:10:16:10:25 | payloadURL | test.js:5:21:5:44 | req.que ... rameter | test.js:10:16:10:25 | payloadURL | This command line depends on a $@. | test.js:5:21:5:44 | req.que ... rameter | user-provided value | diff --git a/javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/EnvValueAndKeyInjection.expected b/javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/EnvValueAndKeyInjection.expected index f36626a7384..40313cf964c 100644 --- a/javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/EnvValueAndKeyInjection.expected +++ b/javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/EnvValueAndKeyInjection.expected 
@@ -1,55 +1,32 @@ -nodes -| test.js:5:9:5:28 | { EnvValue, EnvKey } | -| test.js:5:9:5:39 | EnvKey | -| test.js:5:9:5:39 | EnvValue | -| test.js:5:11:5:18 | EnvValue | -| test.js:5:21:5:26 | EnvKey | -| test.js:5:32:5:39 | req.body | -| test.js:5:32:5:39 | req.body | -| test.js:6:15:6:20 | EnvKey | -| test.js:6:15:6:20 | EnvKey | -| test.js:6:25:6:32 | EnvValue | -| test.js:6:25:6:32 | EnvValue | -| test.js:7:15:7:20 | EnvKey | -| test.js:7:15:7:20 | EnvKey | -| test.js:7:25:7:32 | EnvValue | -| test.js:7:25:7:32 | EnvValue | -| test.js:13:9:13:28 | { EnvValue, EnvKey } | -| test.js:13:9:13:39 | EnvKey | -| test.js:13:9:13:39 | EnvValue | -| test.js:13:11:13:18 | EnvValue | -| test.js:13:21:13:26 | EnvKey | -| test.js:13:32:13:39 | req.body | -| test.js:13:32:13:39 | req.body | -| test.js:15:15:15:20 | EnvKey | -| test.js:15:15:15:20 | EnvKey | -| test.js:16:26:16:33 | EnvValue | -| test.js:16:26:16:33 | EnvValue | edges -| test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:11:5:18 | EnvValue | -| test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:21:5:26 | EnvKey | -| test.js:5:9:5:39 | EnvKey | test.js:6:15:6:20 | EnvKey | -| test.js:5:9:5:39 | EnvKey | test.js:6:15:6:20 | EnvKey | -| test.js:5:9:5:39 | EnvKey | test.js:7:15:7:20 | EnvKey | -| test.js:5:9:5:39 | EnvKey | test.js:7:15:7:20 | EnvKey | -| test.js:5:9:5:39 | EnvValue | test.js:6:25:6:32 | EnvValue | -| test.js:5:9:5:39 | EnvValue | test.js:6:25:6:32 | EnvValue | -| test.js:5:9:5:39 | EnvValue | test.js:7:25:7:32 | EnvValue | -| test.js:5:9:5:39 | EnvValue | test.js:7:25:7:32 | EnvValue | -| test.js:5:11:5:18 | EnvValue | test.js:5:9:5:39 | EnvValue | -| test.js:5:21:5:26 | EnvKey | test.js:5:9:5:39 | EnvKey | -| test.js:5:32:5:39 | req.body | test.js:5:9:5:28 | { EnvValue, EnvKey } | -| test.js:5:32:5:39 | req.body | test.js:5:9:5:28 | { EnvValue, EnvKey } | -| test.js:13:9:13:28 | { EnvValue, EnvKey } | test.js:13:11:13:18 | EnvValue | -| test.js:13:9:13:28 | { EnvValue, EnvKey } | 
test.js:13:21:13:26 | EnvKey | -| test.js:13:9:13:39 | EnvKey | test.js:15:15:15:20 | EnvKey | -| test.js:13:9:13:39 | EnvKey | test.js:15:15:15:20 | EnvKey | -| test.js:13:9:13:39 | EnvValue | test.js:16:26:16:33 | EnvValue | -| test.js:13:9:13:39 | EnvValue | test.js:16:26:16:33 | EnvValue | -| test.js:13:11:13:18 | EnvValue | test.js:13:9:13:39 | EnvValue | -| test.js:13:21:13:26 | EnvKey | test.js:13:9:13:39 | EnvKey | -| test.js:13:32:13:39 | req.body | test.js:13:9:13:28 | { EnvValue, EnvKey } | -| test.js:13:32:13:39 | req.body | test.js:13:9:13:28 | { EnvValue, EnvKey } | +| test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:9:5:39 | EnvKey | provenance | | +| test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:9:5:39 | EnvValue | provenance | | +| test.js:5:9:5:39 | EnvKey | test.js:6:15:6:20 | EnvKey | provenance | | +| test.js:5:9:5:39 | EnvKey | test.js:7:15:7:20 | EnvKey | provenance | | +| test.js:5:9:5:39 | EnvValue | test.js:6:25:6:32 | EnvValue | provenance | | +| test.js:5:9:5:39 | EnvValue | test.js:7:25:7:32 | EnvValue | provenance | | +| test.js:5:32:5:39 | req.body | test.js:5:9:5:28 | { EnvValue, EnvKey } | provenance | | +| test.js:13:9:13:28 | { EnvValue, EnvKey } | test.js:13:9:13:39 | EnvKey | provenance | | +| test.js:13:9:13:28 | { EnvValue, EnvKey } | test.js:13:9:13:39 | EnvValue | provenance | | +| test.js:13:9:13:39 | EnvKey | test.js:15:15:15:20 | EnvKey | provenance | | +| test.js:13:9:13:39 | EnvValue | test.js:16:26:16:33 | EnvValue | provenance | | +| test.js:13:32:13:39 | req.body | test.js:13:9:13:28 | { EnvValue, EnvKey } | provenance | | +nodes +| test.js:5:9:5:28 | { EnvValue, EnvKey } | semmle.label | { EnvValue, EnvKey } | +| test.js:5:9:5:39 | EnvKey | semmle.label | EnvKey | +| test.js:5:9:5:39 | EnvValue | semmle.label | EnvValue | +| test.js:5:32:5:39 | req.body | semmle.label | req.body | +| test.js:6:15:6:20 | EnvKey | semmle.label | EnvKey | +| test.js:6:25:6:32 | EnvValue | semmle.label | EnvValue | +| 
test.js:7:15:7:20 | EnvKey | semmle.label | EnvKey | +| test.js:7:25:7:32 | EnvValue | semmle.label | EnvValue | +| test.js:13:9:13:28 | { EnvValue, EnvKey } | semmle.label | { EnvValue, EnvKey } | +| test.js:13:9:13:39 | EnvKey | semmle.label | EnvKey | +| test.js:13:9:13:39 | EnvValue | semmle.label | EnvValue | +| test.js:13:32:13:39 | req.body | semmle.label | req.body | +| test.js:15:15:15:20 | EnvKey | semmle.label | EnvKey | +| test.js:16:26:16:33 | EnvValue | semmle.label | EnvValue | +subpaths #select | test.js:6:15:6:20 | EnvKey | test.js:5:32:5:39 | req.body | test.js:6:15:6:20 | EnvKey | arbitrary environment variable assignment from this $@. | test.js:5:32:5:39 | req.body | user controllable source | | test.js:7:15:7:20 | EnvKey | test.js:5:32:5:39 | req.body | test.js:7:15:7:20 | EnvKey | arbitrary environment variable assignment from this $@. | test.js:5:32:5:39 | req.body | user controllable source | diff --git a/javascript/ql/test/experimental/Security/CWE-099/EnvValueInjection/EnvValueInjection.expected b/javascript/ql/test/experimental/Security/CWE-099/EnvValueInjection/EnvValueInjection.expected index 7461f72ee7e..87f6e5d4b86 100644 --- a/javascript/ql/test/experimental/Security/CWE-099/EnvValueInjection/EnvValueInjection.expected +++ b/javascript/ql/test/experimental/Security/CWE-099/EnvValueInjection/EnvValueInjection.expected 
@@ -1,26 +1,17 @@ -nodes -| test.js:4:9:4:20 | { EnvValue } | -| test.js:4:9:4:31 | EnvValue | -| test.js:4:11:4:18 | EnvValue | -| test.js:4:24:4:31 | req.body | -| test.js:4:24:4:31 | req.body | -| test.js:5:35:5:42 | EnvValue | -| test.js:5:35:5:42 | EnvValue | -| test.js:6:23:6:30 | EnvValue | -| test.js:6:23:6:30 | EnvValue | -| test.js:7:22:7:29 | EnvValue | -| test.js:7:22:7:29 | EnvValue | edges -| test.js:4:9:4:20 | { EnvValue } | test.js:4:11:4:18 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:5:35:5:42 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:5:35:5:42 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:6:23:6:30 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:6:23:6:30 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:7:22:7:29 | EnvValue | -| test.js:4:9:4:31 | EnvValue | test.js:7:22:7:29 | EnvValue | -| test.js:4:11:4:18 | EnvValue | test.js:4:9:4:31 | EnvValue | -| test.js:4:24:4:31 | req.body | test.js:4:9:4:20 | { EnvValue } | -| test.js:4:24:4:31 | req.body | test.js:4:9:4:20 | { EnvValue } | +| test.js:4:9:4:20 | { EnvValue } | test.js:4:9:4:31 | EnvValue | provenance | | +| test.js:4:9:4:31 | EnvValue | test.js:5:35:5:42 | EnvValue | provenance | | +| test.js:4:9:4:31 | EnvValue | test.js:6:23:6:30 | EnvValue | provenance | | +| test.js:4:9:4:31 | EnvValue | test.js:7:22:7:29 | EnvValue | provenance | | +| test.js:4:24:4:31 | req.body | test.js:4:9:4:20 | { EnvValue } | provenance | | +nodes +| test.js:4:9:4:20 | { EnvValue } | semmle.label | { EnvValue } | +| test.js:4:9:4:31 | EnvValue | semmle.label | EnvValue | +| test.js:4:24:4:31 | req.body | semmle.label | req.body | +| test.js:5:35:5:42 | EnvValue | semmle.label | EnvValue | +| test.js:6:23:6:30 | EnvValue | semmle.label | EnvValue | +| test.js:7:22:7:29 | EnvValue | semmle.label | EnvValue | +subpaths #select | test.js:5:35:5:42 | EnvValue | test.js:4:24:4:31 | req.body | test.js:5:35:5:42 | EnvValue | this environment variable assignment is $@. 
| test.js:4:24:4:31 | req.body | user controllable | | test.js:6:23:6:30 | EnvValue | test.js:4:24:4:31 | req.body | test.js:6:23:6:30 | EnvValue | this environment variable assignment is $@. | test.js:4:24:4:31 | req.body | user controllable | diff --git a/javascript/ql/test/experimental/Security/CWE-347/localsource/decodeJwtWithoutVerificationLocalSource.expected b/javascript/ql/test/experimental/Security/CWE-347/localsource/decodeJwtWithoutVerificationLocalSource.expected index a3fe059065b..0f67cfc8513 100644 --- a/javascript/ql/test/experimental/Security/CWE-347/localsource/decodeJwtWithoutVerificationLocalSource.expected +++ b/javascript/ql/test/experimental/Security/CWE-347/localsource/decodeJwtWithoutVerificationLocalSource.expected 
@@ -1,137 +1,78 @@ -nodes -| JsonWebToken.js:13:11:13:28 | UserToken | -| JsonWebToken.js:13:23:13:28 | aJwt() | -| JsonWebToken.js:13:23:13:28 | aJwt() | -| JsonWebToken.js:16:28:16:36 | UserToken | -| JsonWebToken.js:16:28:16:36 | UserToken | -| JsonWebToken.js:20:11:20:28 | UserToken | -| JsonWebToken.js:20:23:20:28 | aJwt() | -| JsonWebToken.js:20:23:20:28 | aJwt() | -| JsonWebToken.js:23:28:23:36 | UserToken | -| JsonWebToken.js:23:28:23:36 | UserToken | -| JsonWebToken.js:24:28:24:36 | UserToken | -| JsonWebToken.js:24:28:24:36 | UserToken | -| JsonWebToken.js:28:11:28:28 | UserToken | -| JsonWebToken.js:28:23:28:28 | aJwt() | -| JsonWebToken.js:28:23:28:28 | aJwt() | -| JsonWebToken.js:31:28:31:36 | UserToken | -| JsonWebToken.js:31:28:31:36 | UserToken | -| JsonWebToken.js:35:11:35:28 | UserToken | -| JsonWebToken.js:35:23:35:28 | aJwt() | -| JsonWebToken.js:35:23:35:28 | aJwt() | -| JsonWebToken.js:38:28:38:36 | UserToken | -| JsonWebToken.js:38:28:38:36 | UserToken | -| JsonWebToken.js:39:28:39:36 | UserToken | -| JsonWebToken.js:39:28:39:36 | UserToken | -| JsonWebToken.js:43:11:43:28 | UserToken | -| JsonWebToken.js:43:23:43:28 | aJwt() | -| JsonWebToken.js:43:23:43:28 | aJwt() | -| JsonWebToken.js:46:28:46:36 | UserToken | -| JsonWebToken.js:46:28:46:36 | UserToken | -| JsonWebToken.js:47:28:47:36 | UserToken | -| JsonWebToken.js:47:28:47:36 | UserToken | -| jose.js:12:11:12:28 | UserToken | -| jose.js:12:23:12:28 | aJwt() | -| jose.js:12:23:12:28 | aJwt() | -| jose.js:15:20:15:28 | UserToken | -| jose.js:15:20:15:28 | UserToken | -| jose.js:19:11:19:28 | UserToken | -| jose.js:19:23:19:28 | aJwt() | -| jose.js:19:23:19:28 | aJwt() | -| jose.js:22:20:22:28 | UserToken | -| jose.js:22:20:22:28 | UserToken | -| jose.js:23:26:23:34 | UserToken | -| jose.js:23:26:23:34 | UserToken | -| jose.js:27:11:27:28 | UserToken | -| jose.js:27:23:27:28 | aJwt() | -| jose.js:27:23:27:28 | aJwt() | -| jose.js:30:26:30:34 | UserToken | -| jose.js:30:26:30:34 | UserToken 
| -| jwtDecode.js:13:11:13:28 | UserToken | -| jwtDecode.js:13:23:13:28 | aJwt() | -| jwtDecode.js:13:23:13:28 | aJwt() | -| jwtDecode.js:17:16:17:24 | UserToken | -| jwtDecode.js:17:16:17:24 | UserToken | -| jwtSimple.js:13:11:13:28 | UserToken | -| jwtSimple.js:13:23:13:28 | aJwt() | -| jwtSimple.js:13:23:13:28 | aJwt() | -| jwtSimple.js:16:23:16:31 | UserToken | -| jwtSimple.js:16:23:16:31 | UserToken | -| jwtSimple.js:20:11:20:28 | UserToken | -| jwtSimple.js:20:23:20:28 | aJwt() | -| jwtSimple.js:20:23:20:28 | aJwt() | -| jwtSimple.js:23:23:23:31 | UserToken | -| jwtSimple.js:23:23:23:31 | UserToken | -| jwtSimple.js:24:23:24:31 | UserToken | -| jwtSimple.js:24:23:24:31 | UserToken | -| jwtSimple.js:28:11:28:28 | UserToken | -| jwtSimple.js:28:23:28:28 | aJwt() | -| jwtSimple.js:28:23:28:28 | aJwt() | -| jwtSimple.js:31:23:31:31 | UserToken | -| jwtSimple.js:31:23:31:31 | UserToken | -| jwtSimple.js:32:23:32:31 | UserToken | -| jwtSimple.js:32:23:32:31 | UserToken | edges -| JsonWebToken.js:13:11:13:28 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken | -| JsonWebToken.js:13:11:13:28 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken | -| JsonWebToken.js:13:23:13:28 | aJwt() | JsonWebToken.js:13:11:13:28 | UserToken | -| JsonWebToken.js:13:23:13:28 | aJwt() | JsonWebToken.js:13:11:13:28 | UserToken | -| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken | -| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken | -| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken | -| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken | -| JsonWebToken.js:20:23:20:28 | aJwt() | JsonWebToken.js:20:11:20:28 | UserToken | -| JsonWebToken.js:20:23:20:28 | aJwt() | JsonWebToken.js:20:11:20:28 | UserToken | -| JsonWebToken.js:28:11:28:28 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken | -| JsonWebToken.js:28:11:28:28 | UserToken | 
JsonWebToken.js:31:28:31:36 | UserToken | -| JsonWebToken.js:28:23:28:28 | aJwt() | JsonWebToken.js:28:11:28:28 | UserToken | -| JsonWebToken.js:28:23:28:28 | aJwt() | JsonWebToken.js:28:11:28:28 | UserToken | -| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken | -| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken | -| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken | -| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken | -| JsonWebToken.js:35:23:35:28 | aJwt() | JsonWebToken.js:35:11:35:28 | UserToken | -| JsonWebToken.js:35:23:35:28 | aJwt() | JsonWebToken.js:35:11:35:28 | UserToken | -| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken | -| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken | -| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken | -| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken | -| JsonWebToken.js:43:23:43:28 | aJwt() | JsonWebToken.js:43:11:43:28 | UserToken | -| JsonWebToken.js:43:23:43:28 | aJwt() | JsonWebToken.js:43:11:43:28 | UserToken | -| jose.js:12:11:12:28 | UserToken | jose.js:15:20:15:28 | UserToken | -| jose.js:12:11:12:28 | UserToken | jose.js:15:20:15:28 | UserToken | -| jose.js:12:23:12:28 | aJwt() | jose.js:12:11:12:28 | UserToken | -| jose.js:12:23:12:28 | aJwt() | jose.js:12:11:12:28 | UserToken | -| jose.js:19:11:19:28 | UserToken | jose.js:22:20:22:28 | UserToken | -| jose.js:19:11:19:28 | UserToken | jose.js:22:20:22:28 | UserToken | -| jose.js:19:11:19:28 | UserToken | jose.js:23:26:23:34 | UserToken | -| jose.js:19:11:19:28 | UserToken | jose.js:23:26:23:34 | UserToken | -| jose.js:19:23:19:28 | aJwt() | jose.js:19:11:19:28 | UserToken | -| jose.js:19:23:19:28 | aJwt() | jose.js:19:11:19:28 | UserToken | -| jose.js:27:11:27:28 | UserToken | jose.js:30:26:30:34 | 
UserToken | -| jose.js:27:11:27:28 | UserToken | jose.js:30:26:30:34 | UserToken | -| jose.js:27:23:27:28 | aJwt() | jose.js:27:11:27:28 | UserToken | -| jose.js:27:23:27:28 | aJwt() | jose.js:27:11:27:28 | UserToken | -| jwtDecode.js:13:11:13:28 | UserToken | jwtDecode.js:17:16:17:24 | UserToken | -| jwtDecode.js:13:11:13:28 | UserToken | jwtDecode.js:17:16:17:24 | UserToken | -| jwtDecode.js:13:23:13:28 | aJwt() | jwtDecode.js:13:11:13:28 | UserToken | -| jwtDecode.js:13:23:13:28 | aJwt() | jwtDecode.js:13:11:13:28 | UserToken | -| jwtSimple.js:13:11:13:28 | UserToken | jwtSimple.js:16:23:16:31 | UserToken | -| jwtSimple.js:13:11:13:28 | UserToken | jwtSimple.js:16:23:16:31 | UserToken | -| jwtSimple.js:13:23:13:28 | aJwt() | jwtSimple.js:13:11:13:28 | UserToken | -| jwtSimple.js:13:23:13:28 | aJwt() | jwtSimple.js:13:11:13:28 | UserToken | -| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:23:23:23:31 | UserToken | -| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:23:23:23:31 | UserToken | -| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:24:23:24:31 | UserToken | -| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:24:23:24:31 | UserToken | -| jwtSimple.js:20:23:20:28 | aJwt() | jwtSimple.js:20:11:20:28 | UserToken | -| jwtSimple.js:20:23:20:28 | aJwt() | jwtSimple.js:20:11:20:28 | UserToken | -| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:31:23:31:31 | UserToken | -| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:31:23:31:31 | UserToken | -| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:32:23:32:31 | UserToken | -| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:32:23:32:31 | UserToken | -| jwtSimple.js:28:23:28:28 | aJwt() | jwtSimple.js:28:11:28:28 | UserToken | -| jwtSimple.js:28:23:28:28 | aJwt() | jwtSimple.js:28:11:28:28 | UserToken | +| JsonWebToken.js:13:11:13:28 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken | provenance | | +| JsonWebToken.js:13:23:13:28 | aJwt() | JsonWebToken.js:13:11:13:28 | UserToken 
| provenance | | +| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken | provenance | | +| JsonWebToken.js:20:11:20:28 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken | provenance | | +| JsonWebToken.js:20:23:20:28 | aJwt() | JsonWebToken.js:20:11:20:28 | UserToken | provenance | | +| JsonWebToken.js:28:11:28:28 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken | provenance | | +| JsonWebToken.js:28:23:28:28 | aJwt() | JsonWebToken.js:28:11:28:28 | UserToken | provenance | | +| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken | provenance | | +| JsonWebToken.js:35:11:35:28 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken | provenance | | +| JsonWebToken.js:35:23:35:28 | aJwt() | JsonWebToken.js:35:11:35:28 | UserToken | provenance | | +| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken | provenance | | +| JsonWebToken.js:43:11:43:28 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken | provenance | | +| JsonWebToken.js:43:23:43:28 | aJwt() | JsonWebToken.js:43:11:43:28 | UserToken | provenance | | +| jose.js:12:11:12:28 | UserToken | jose.js:15:20:15:28 | UserToken | provenance | | +| jose.js:12:23:12:28 | aJwt() | jose.js:12:11:12:28 | UserToken | provenance | | +| jose.js:19:11:19:28 | UserToken | jose.js:22:20:22:28 | UserToken | provenance | | +| jose.js:19:11:19:28 | UserToken | jose.js:23:26:23:34 | UserToken | provenance | | +| jose.js:19:23:19:28 | aJwt() | jose.js:19:11:19:28 | UserToken | provenance | | +| jose.js:27:11:27:28 | UserToken | jose.js:30:26:30:34 | UserToken | provenance | | +| jose.js:27:23:27:28 | aJwt() | jose.js:27:11:27:28 | UserToken | provenance | | +| jwtDecode.js:13:11:13:28 | UserToken | jwtDecode.js:17:16:17:24 | UserToken | provenance | | +| jwtDecode.js:13:23:13:28 | aJwt() | jwtDecode.js:13:11:13:28 | UserToken | provenance | | +| jwtSimple.js:13:11:13:28 | UserToken | jwtSimple.js:16:23:16:31 | UserToken | 
provenance | | +| jwtSimple.js:13:23:13:28 | aJwt() | jwtSimple.js:13:11:13:28 | UserToken | provenance | | +| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:23:23:23:31 | UserToken | provenance | | +| jwtSimple.js:20:11:20:28 | UserToken | jwtSimple.js:24:23:24:31 | UserToken | provenance | | +| jwtSimple.js:20:23:20:28 | aJwt() | jwtSimple.js:20:11:20:28 | UserToken | provenance | | +| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:31:23:31:31 | UserToken | provenance | | +| jwtSimple.js:28:11:28:28 | UserToken | jwtSimple.js:32:23:32:31 | UserToken | provenance | | +| jwtSimple.js:28:23:28:28 | aJwt() | jwtSimple.js:28:11:28:28 | UserToken | provenance | | +nodes +| JsonWebToken.js:13:11:13:28 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:13:23:13:28 | aJwt() | semmle.label | aJwt() | +| JsonWebToken.js:16:28:16:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:20:11:20:28 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:20:23:20:28 | aJwt() | semmle.label | aJwt() | +| JsonWebToken.js:23:28:23:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:24:28:24:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:28:11:28:28 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:28:23:28:28 | aJwt() | semmle.label | aJwt() | +| JsonWebToken.js:31:28:31:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:35:11:35:28 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:35:23:35:28 | aJwt() | semmle.label | aJwt() | +| JsonWebToken.js:38:28:38:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:39:28:39:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:43:11:43:28 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:43:23:43:28 | aJwt() | semmle.label | aJwt() | +| JsonWebToken.js:46:28:46:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:47:28:47:36 | UserToken | semmle.label | UserToken | +| jose.js:12:11:12:28 | UserToken | 
semmle.label | UserToken | +| jose.js:12:23:12:28 | aJwt() | semmle.label | aJwt() | +| jose.js:15:20:15:28 | UserToken | semmle.label | UserToken | +| jose.js:19:11:19:28 | UserToken | semmle.label | UserToken | +| jose.js:19:23:19:28 | aJwt() | semmle.label | aJwt() | +| jose.js:22:20:22:28 | UserToken | semmle.label | UserToken | +| jose.js:23:26:23:34 | UserToken | semmle.label | UserToken | +| jose.js:27:11:27:28 | UserToken | semmle.label | UserToken | +| jose.js:27:23:27:28 | aJwt() | semmle.label | aJwt() | +| jose.js:30:26:30:34 | UserToken | semmle.label | UserToken | +| jwtDecode.js:13:11:13:28 | UserToken | semmle.label | UserToken | +| jwtDecode.js:13:23:13:28 | aJwt() | semmle.label | aJwt() | +| jwtDecode.js:17:16:17:24 | UserToken | semmle.label | UserToken | +| jwtSimple.js:13:11:13:28 | UserToken | semmle.label | UserToken | +| jwtSimple.js:13:23:13:28 | aJwt() | semmle.label | aJwt() | +| jwtSimple.js:16:23:16:31 | UserToken | semmle.label | UserToken | +| jwtSimple.js:20:11:20:28 | UserToken | semmle.label | UserToken | +| jwtSimple.js:20:23:20:28 | aJwt() | semmle.label | aJwt() | +| jwtSimple.js:23:23:23:31 | UserToken | semmle.label | UserToken | +| jwtSimple.js:24:23:24:31 | UserToken | semmle.label | UserToken | +| jwtSimple.js:28:11:28:28 | UserToken | semmle.label | UserToken | +| jwtSimple.js:28:23:28:28 | aJwt() | semmle.label | aJwt() | +| jwtSimple.js:31:23:31:31 | UserToken | semmle.label | UserToken | +| jwtSimple.js:32:23:32:31 | UserToken | semmle.label | UserToken | +subpaths #select | JsonWebToken.js:13:23:13:28 | aJwt() | JsonWebToken.js:13:23:13:28 | aJwt() | JsonWebToken.js:16:28:16:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:16:28:16:36 | UserToken | without signature verification | | JsonWebToken.js:20:23:20:28 | aJwt() | JsonWebToken.js:20:23:20:28 | aJwt() | JsonWebToken.js:23:28:23:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:23:28:23:36 | UserToken | without signature verification | 
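Review bot: In javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql, the added line `module TestFlow = TaintTracking::Global;` names no configuration as rendered here, so nothing ties `TestConfig` to `TestFlow`. It should be instantiated with the config module, i.e. `TaintTracking::Global<TestConfig>`, otherwise `TestFlow::PathGraph`, `TestFlow::PathNode` and `TestFlow::flowPath` have nothing to resolve against. Separately, the doc comment still says "A taint-tracking configuration for test" while the module implements `DataFlow::ConfigSig`; a short remark that taint tracking is selected at the `TestFlow` instantiation rather than by the config would save the next reader a lookup.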
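Review bot: The PoI tests under javascript/ql/test/experimental/PoI/ (CommandInjectionPoIConfiguration, TaintedPathPoIConfiguration and XssPoIConfiguration, each with its .ql and .expected) are deleted outright, and none of the hunks shown here ports them. That removes these tests' coverage of `DataFlowConfigurationPoI` and `alertQuery/6` from `experimental.poi.PoI`. If that class is being retired because it depends on the legacy configuration classes, say so in the commit message or a change note. If it is staying, the tests need a ported form instead of deletion.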
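Review bot: In decodeJwtWithoutVerificationLocalSource.expected the hunk shrinks the file from 137 to 78 lines, but nothing in the hunk says whether that is regenerated output or a hand edit. The visible differences are mechanical: duplicated `nodes` and `edges` rows collapse to one, each edge gains a `provenance` column, each node a `semmle.label` column, and an empty `subpaths` section appears, while the `#select` rows stay as unchanged context. Please state in the commit message that the .expected files were regenerated by the test runner so reviewers can concentrate on the `#select` sections, where a changed alert would show up.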
diff --git a/javascript/ql/test/experimental/Security/CWE-347/remotesource/decodeJwtWithoutVerification.expected b/javascript/ql/test/experimental/Security/CWE-347/remotesource/decodeJwtWithoutVerification.expected index ae3ef8507f6..bb6ca940759 100644 --- a/javascript/ql/test/experimental/Security/CWE-347/remotesource/decodeJwtWithoutVerification.expected +++ b/javascript/ql/test/experimental/Security/CWE-347/remotesource/decodeJwtWithoutVerification.expected 
@@ -1,157 +1,53 @@ -nodes -| JsonWebToken.js:10:11:10:47 | UserToken | -| JsonWebToken.js:10:23:10:47 | req.hea ... ization | -| JsonWebToken.js:10:23:10:47 | req.hea ... ization | -| JsonWebToken.js:13:28:13:36 | UserToken | -| JsonWebToken.js:13:28:13:36 | UserToken | -| JsonWebToken.js:17:11:17:47 | UserToken | -| JsonWebToken.js:17:23:17:47 | req.hea ... ization | -| JsonWebToken.js:17:23:17:47 | req.hea ... ization | -| JsonWebToken.js:20:28:20:36 | UserToken | -| JsonWebToken.js:20:28:20:36 | UserToken | -| JsonWebToken.js:21:28:21:36 | UserToken | -| JsonWebToken.js:21:28:21:36 | UserToken | -| JsonWebToken.js:25:11:25:47 | UserToken | -| JsonWebToken.js:25:23:25:47 | req.hea ... ization | -| JsonWebToken.js:25:23:25:47 | req.hea ... ization | -| JsonWebToken.js:28:28:28:36 | UserToken | -| JsonWebToken.js:28:28:28:36 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | -| JsonWebToken.js:35:28:35:36 | UserToken | -| JsonWebToken.js:35:28:35:36 | UserToken | -| JsonWebToken.js:36:28:36:36 | UserToken | -| JsonWebToken.js:36:28:36:36 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | -| JsonWebToken.js:43:28:43:36 | UserToken | -| JsonWebToken.js:43:28:43:36 | UserToken | -| JsonWebToken.js:44:28:44:36 | UserToken | -| JsonWebToken.js:44:28:44:36 | UserToken | -| jose.js:11:11:11:47 | UserToken | -| jose.js:11:23:11:47 | req.hea ... ization | -| jose.js:11:23:11:47 | req.hea ... 
ization | -| jose.js:13:20:13:28 | UserToken | -| jose.js:13:20:13:28 | UserToken | -| jose.js:18:11:18:47 | UserToken | -| jose.js:18:23:18:47 | req.hea ... ization | -| jose.js:18:23:18:47 | req.hea ... ization | -| jose.js:20:26:20:34 | UserToken | -| jose.js:20:26:20:34 | UserToken | -| jose.js:24:11:24:47 | UserToken | -| jose.js:24:11:24:47 | UserToken | -| jose.js:24:23:24:47 | req.hea ... ization | -| jose.js:24:23:24:47 | req.hea ... ization | -| jose.js:24:23:24:47 | req.hea ... ization | -| jose.js:24:23:24:47 | req.hea ... ization | -| jose.js:26:20:26:28 | UserToken | -| jose.js:26:20:26:28 | UserToken | -| jose.js:27:26:27:34 | UserToken | -| jose.js:27:26:27:34 | UserToken | -| jwtDecode.js:11:11:11:47 | UserToken | -| jwtDecode.js:11:23:11:47 | req.hea ... ization | -| jwtDecode.js:11:23:11:47 | req.hea ... ization | -| jwtDecode.js:15:16:15:24 | UserToken | -| jwtDecode.js:15:16:15:24 | UserToken | -| jwtSimple.js:10:11:10:47 | UserToken | -| jwtSimple.js:10:23:10:47 | req.hea ... ization | -| jwtSimple.js:10:23:10:47 | req.hea ... ization | -| jwtSimple.js:13:23:13:31 | UserToken | -| jwtSimple.js:13:23:13:31 | UserToken | -| jwtSimple.js:17:11:17:47 | UserToken | -| jwtSimple.js:17:23:17:47 | req.hea ... ization | -| jwtSimple.js:17:23:17:47 | req.hea ... ization | -| jwtSimple.js:20:23:20:31 | UserToken | -| jwtSimple.js:20:23:20:31 | UserToken | -| jwtSimple.js:21:23:21:31 | UserToken | -| jwtSimple.js:21:23:21:31 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | -| jwtSimple.js:25:23:25:47 | req.hea ... 
ization | -| jwtSimple.js:28:23:28:31 | UserToken | -| jwtSimple.js:28:23:28:31 | UserToken | -| jwtSimple.js:29:23:29:31 | UserToken | -| jwtSimple.js:29:23:29:31 | UserToken | edges -| JsonWebToken.js:10:11:10:47 | UserToken | JsonWebToken.js:13:28:13:36 | UserToken | -| JsonWebToken.js:10:11:10:47 | UserToken | JsonWebToken.js:13:28:13:36 | UserToken | -| JsonWebToken.js:10:23:10:47 | req.hea ... ization | JsonWebToken.js:10:11:10:47 | UserToken | -| JsonWebToken.js:10:23:10:47 | req.hea ... ization | JsonWebToken.js:10:11:10:47 | UserToken | -| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:20:28:20:36 | UserToken | -| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:20:28:20:36 | UserToken | -| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:21:28:21:36 | UserToken | -| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:21:28:21:36 | UserToken | -| JsonWebToken.js:17:23:17:47 | req.hea ... ization | JsonWebToken.js:17:11:17:47 | UserToken | -| JsonWebToken.js:17:23:17:47 | req.hea ... ization | JsonWebToken.js:17:11:17:47 | UserToken | -| JsonWebToken.js:25:11:25:47 | UserToken | JsonWebToken.js:28:28:28:36 | UserToken | -| JsonWebToken.js:25:11:25:47 | UserToken | JsonWebToken.js:28:28:28:36 | UserToken | -| JsonWebToken.js:25:23:25:47 | req.hea ... ization | JsonWebToken.js:25:11:25:47 | UserToken | -| JsonWebToken.js:25:23:25:47 | req.hea ... ization | JsonWebToken.js:25:11:25:47 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | JsonWebToken.js:35:28:35:36 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | JsonWebToken.js:35:28:35:36 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | JsonWebToken.js:36:28:36:36 | UserToken | -| JsonWebToken.js:32:11:32:47 | UserToken | JsonWebToken.js:36:28:36:36 | UserToken | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:32:23:32:47 | req.hea ... 
ization | JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:32:23:32:47 | req.hea ... ization | JsonWebToken.js:32:11:32:47 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | JsonWebToken.js:43:28:43:36 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | JsonWebToken.js:43:28:43:36 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | JsonWebToken.js:44:28:44:36 | UserToken | -| JsonWebToken.js:40:11:40:47 | UserToken | JsonWebToken.js:44:28:44:36 | UserToken | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | JsonWebToken.js:40:11:40:47 | UserToken | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | JsonWebToken.js:40:11:40:47 | UserToken | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | JsonWebToken.js:40:11:40:47 | UserToken | -| JsonWebToken.js:40:23:40:47 | req.hea ... ization | JsonWebToken.js:40:11:40:47 | UserToken | -| jose.js:11:11:11:47 | UserToken | jose.js:13:20:13:28 | UserToken | -| jose.js:11:11:11:47 | UserToken | jose.js:13:20:13:28 | UserToken | -| jose.js:11:23:11:47 | req.hea ... ization | jose.js:11:11:11:47 | UserToken | -| jose.js:11:23:11:47 | req.hea ... ization | jose.js:11:11:11:47 | UserToken | -| jose.js:18:11:18:47 | UserToken | jose.js:20:26:20:34 | UserToken | -| jose.js:18:11:18:47 | UserToken | jose.js:20:26:20:34 | UserToken | -| jose.js:18:23:18:47 | req.hea ... ization | jose.js:18:11:18:47 | UserToken | -| jose.js:18:23:18:47 | req.hea ... ization | jose.js:18:11:18:47 | UserToken | -| jose.js:24:11:24:47 | UserToken | jose.js:26:20:26:28 | UserToken | -| jose.js:24:11:24:47 | UserToken | jose.js:26:20:26:28 | UserToken | -| jose.js:24:11:24:47 | UserToken | jose.js:27:26:27:34 | UserToken | -| jose.js:24:11:24:47 | UserToken | jose.js:27:26:27:34 | UserToken | -| jose.js:24:23:24:47 | req.hea ... ization | jose.js:24:11:24:47 | UserToken | -| jose.js:24:23:24:47 | req.hea ... 
ization | jose.js:24:11:24:47 | UserToken | -| jose.js:24:23:24:47 | req.hea ... ization | jose.js:24:11:24:47 | UserToken | -| jose.js:24:23:24:47 | req.hea ... ization | jose.js:24:11:24:47 | UserToken | -| jwtDecode.js:11:11:11:47 | UserToken | jwtDecode.js:15:16:15:24 | UserToken | -| jwtDecode.js:11:11:11:47 | UserToken | jwtDecode.js:15:16:15:24 | UserToken | -| jwtDecode.js:11:23:11:47 | req.hea ... ization | jwtDecode.js:11:11:11:47 | UserToken | -| jwtDecode.js:11:23:11:47 | req.hea ... ization | jwtDecode.js:11:11:11:47 | UserToken | -| jwtSimple.js:10:11:10:47 | UserToken | jwtSimple.js:13:23:13:31 | UserToken | -| jwtSimple.js:10:11:10:47 | UserToken | jwtSimple.js:13:23:13:31 | UserToken | -| jwtSimple.js:10:23:10:47 | req.hea ... ization | jwtSimple.js:10:11:10:47 | UserToken | -| jwtSimple.js:10:23:10:47 | req.hea ... ization | jwtSimple.js:10:11:10:47 | UserToken | -| jwtSimple.js:17:11:17:47 | UserToken | jwtSimple.js:20:23:20:31 | UserToken | -| jwtSimple.js:17:11:17:47 | UserToken | jwtSimple.js:20:23:20:31 | UserToken | -| jwtSimple.js:17:11:17:47 | UserToken | jwtSimple.js:21:23:21:31 | UserToken | -| jwtSimple.js:17:11:17:47 | UserToken | jwtSimple.js:21:23:21:31 | UserToken | -| jwtSimple.js:17:23:17:47 | req.hea ... ization | jwtSimple.js:17:11:17:47 | UserToken | -| jwtSimple.js:17:23:17:47 | req.hea ... ization | jwtSimple.js:17:11:17:47 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | jwtSimple.js:28:23:28:31 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | jwtSimple.js:28:23:28:31 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | jwtSimple.js:29:23:29:31 | UserToken | -| jwtSimple.js:25:11:25:47 | UserToken | jwtSimple.js:29:23:29:31 | UserToken | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | jwtSimple.js:25:11:25:47 | UserToken | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | jwtSimple.js:25:11:25:47 | UserToken | -| jwtSimple.js:25:23:25:47 | req.hea ... 
ization | jwtSimple.js:25:11:25:47 | UserToken | -| jwtSimple.js:25:23:25:47 | req.hea ... ization | jwtSimple.js:25:11:25:47 | UserToken | +| JsonWebToken.js:10:11:10:47 | UserToken | JsonWebToken.js:13:28:13:36 | UserToken | provenance | | +| JsonWebToken.js:10:23:10:47 | req.hea ... ization | JsonWebToken.js:10:11:10:47 | UserToken | provenance | | +| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:20:28:20:36 | UserToken | provenance | | +| JsonWebToken.js:17:11:17:47 | UserToken | JsonWebToken.js:21:28:21:36 | UserToken | provenance | | +| JsonWebToken.js:17:23:17:47 | req.hea ... ization | JsonWebToken.js:17:11:17:47 | UserToken | provenance | | +| JsonWebToken.js:32:11:32:47 | UserToken | JsonWebToken.js:35:28:35:36 | UserToken | provenance | | +| JsonWebToken.js:32:23:32:47 | req.hea ... ization | JsonWebToken.js:32:11:32:47 | UserToken | provenance | | +| JsonWebToken.js:40:11:40:47 | UserToken | JsonWebToken.js:43:28:43:36 | UserToken | provenance | | +| JsonWebToken.js:40:23:40:47 | req.hea ... ization | JsonWebToken.js:40:11:40:47 | UserToken | provenance | | +| jose.js:11:11:11:47 | UserToken | jose.js:13:20:13:28 | UserToken | provenance | | +| jose.js:11:23:11:47 | req.hea ... ization | jose.js:11:11:11:47 | UserToken | provenance | | +| jose.js:24:11:24:47 | UserToken | jose.js:26:20:26:28 | UserToken | provenance | | +| jose.js:24:23:24:47 | req.hea ... ization | jose.js:24:11:24:47 | UserToken | provenance | | +| jwtDecode.js:11:11:11:47 | UserToken | jwtDecode.js:15:16:15:24 | UserToken | provenance | | +| jwtDecode.js:11:23:11:47 | req.hea ... ization | jwtDecode.js:11:11:11:47 | UserToken | provenance | | +| jwtSimple.js:10:11:10:47 | UserToken | jwtSimple.js:13:23:13:31 | UserToken | provenance | | +| jwtSimple.js:10:23:10:47 | req.hea ... 
ization | jwtSimple.js:10:11:10:47 | UserToken | provenance | | +| jwtSimple.js:25:11:25:47 | UserToken | jwtSimple.js:28:23:28:31 | UserToken | provenance | | +| jwtSimple.js:25:23:25:47 | req.hea ... ization | jwtSimple.js:25:11:25:47 | UserToken | provenance | | +nodes +| JsonWebToken.js:10:11:10:47 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:10:23:10:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| JsonWebToken.js:13:28:13:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:17:11:17:47 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:17:23:17:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| JsonWebToken.js:20:28:20:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:21:28:21:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:32:11:32:47 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:32:23:32:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| JsonWebToken.js:35:28:35:36 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:40:11:40:47 | UserToken | semmle.label | UserToken | +| JsonWebToken.js:40:23:40:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| JsonWebToken.js:43:28:43:36 | UserToken | semmle.label | UserToken | +| jose.js:11:11:11:47 | UserToken | semmle.label | UserToken | +| jose.js:11:23:11:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| jose.js:13:20:13:28 | UserToken | semmle.label | UserToken | +| jose.js:24:11:24:47 | UserToken | semmle.label | UserToken | +| jose.js:24:23:24:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| jose.js:26:20:26:28 | UserToken | semmle.label | UserToken | +| jwtDecode.js:11:11:11:47 | UserToken | semmle.label | UserToken | +| jwtDecode.js:11:23:11:47 | req.hea ... ization | semmle.label | req.hea ... 
ization | +| jwtDecode.js:15:16:15:24 | UserToken | semmle.label | UserToken | +| jwtSimple.js:10:11:10:47 | UserToken | semmle.label | UserToken | +| jwtSimple.js:10:23:10:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| jwtSimple.js:13:23:13:31 | UserToken | semmle.label | UserToken | +| jwtSimple.js:25:11:25:47 | UserToken | semmle.label | UserToken | +| jwtSimple.js:25:23:25:47 | req.hea ... ization | semmle.label | req.hea ... ization | +| jwtSimple.js:28:23:28:31 | UserToken | semmle.label | UserToken | +subpaths #select | JsonWebToken.js:10:23:10:47 | req.hea ... ization | JsonWebToken.js:10:23:10:47 | req.hea ... ization | JsonWebToken.js:13:28:13:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:13:28:13:36 | UserToken | without signature verification | | JsonWebToken.js:17:23:17:47 | req.hea ... ization | JsonWebToken.js:17:23:17:47 | req.hea ... ization | JsonWebToken.js:20:28:20:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:20:28:20:36 | UserToken | without signature verification | diff --git a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected index b8f58cb4c78..da02dc24848 100644 --- a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected +++ b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected 
@@ -1,165 +1,70 @@ -nodes -| check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:15:24:42 | baseURL ... 
tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-regex.js:61:15:61:42 | baseURL ... tainted | -| check-regex.js:61:15:61:42 | baseURL ... tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:15:59:45 | "test.c ... 
tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | edges -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... 
inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... 
tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted | -| check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... 
tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... 
tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | +| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | provenance | | +| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | provenance | | +| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | provenance | | +| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | provenance | | +| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | provenance | | +| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | provenance | | +| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | provenance | | +| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | provenance | | +| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | provenance | | +| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | provenance | | +| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... 
tainted | provenance | | +| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | provenance | | +| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | provenance | | +| check-regex.js:61:25:61:42 | req.params.tainted | check-regex.js:61:15:61:42 | baseURL ... tainted | provenance | | +| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | provenance | | +| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | provenance | | +| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | provenance | | +| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | provenance | | +| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | provenance | | +| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | provenance | | +| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | provenance | | +| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | provenance | | +nodes +| check-domain.js:16:9:16:27 | url | semmle.label | url | +| check-domain.js:16:15:16:27 | req.query.url | semmle.label | req.query.url | +| check-domain.js:17:13:17:15 | url | semmle.label | url | +| check-domain.js:26:15:26:27 | req.query.url | semmle.label | req.query.url | +| check-middleware.js:9:13:9:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-middleware.js:9:27:9:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:19:13:19:43 | 'test.c ... tainted | semmle.label | 'test.c ... 
tainted | +| check-path.js:19:27:19:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:23:13:23:45 | `/addre ... inted}` | semmle.label | `/addre ... inted}` | +| check-path.js:23:27:23:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:33:15:33:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:33:29:33:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:37:15:37:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:37:29:37:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:45:13:45:44 | `${base ... inted}` | semmle.label | `${base ... inted}` | +| check-path.js:45:26:45:42 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:16:15:16:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:16:29:16:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:24:15:24:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:24:25:24:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:31:15:31:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:31:29:31:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:34:15:34:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:34:25:34:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:41:13:41:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:41:27:41:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:61:15:61:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:61:25:61:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-validator.js:15:15:15:45 | "test.c ... tainted | semmle.label | "test.c ... 
tainted | +| check-validator.js:15:29:15:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:27:15:27:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:27:29:27:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:50:15:50:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:50:29:50:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:54:9:54:37 | numberURL | semmle.label | numberURL | +| check-validator.js:54:21:54:37 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:59:15:59:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:59:29:59:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:62:15:62:37 | "test.c ... mberURL | semmle.label | "test.c ... mberURL | +| check-validator.js:62:29:62:37 | numberURL | semmle.label | numberURL | +| check-validator.js:68:15:68:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:68:29:68:45 | req.query.tainted | semmle.label | req.query.tainted | +subpaths #select | check-domain.js:17:13:17:15 | url | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:17:13:17:15 | url | The URL of this request depends on a user-provided value. | | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value. | diff --git a/javascript/ql/test/experimental/Security/CWE-942/CorsPermissiveConfiguration.expected b/javascript/ql/test/experimental/Security/CWE-942/CorsPermissiveConfiguration.expected index 965fc4c722b..6c28b7105a1 100644 --- a/javascript/ql/test/experimental/Security/CWE-942/CorsPermissiveConfiguration.expected +++ b/javascript/ql/test/experimental/Security/CWE-942/CorsPermissiveConfiguration.expected 
@@ -1,50 +1,34 @@ -nodes -| apollo-test.js:8:9:8:59 | user_origin | -| apollo-test.js:8:23:8:46 | url.par ... , true) | -| apollo-test.js:8:23:8:52 | url.par ... ).query | -| apollo-test.js:8:23:8:59 | url.par ... .origin | -| apollo-test.js:8:33:8:39 | req.url | -| apollo-test.js:8:33:8:39 | req.url | -| apollo-test.js:11:25:11:28 | true | -| apollo-test.js:11:25:11:28 | true | -| apollo-test.js:11:25:11:28 | true | -| apollo-test.js:21:25:21:28 | null | -| apollo-test.js:21:25:21:28 | null | -| apollo-test.js:21:25:21:28 | null | -| apollo-test.js:26:25:26:35 | user_origin | -| apollo-test.js:26:25:26:35 | user_origin | -| express-test.js:10:9:10:59 | user_origin | -| express-test.js:10:23:10:46 | url.par ... , true) | -| express-test.js:10:23:10:52 | url.par ... ).query | -| express-test.js:10:23:10:59 | url.par ... .origin | -| express-test.js:10:33:10:39 | req.url | -| express-test.js:10:33:10:39 | req.url | -| express-test.js:26:17:26:19 | '*' | -| express-test.js:26:17:26:19 | '*' | -| express-test.js:26:17:26:19 | '*' | -| express-test.js:33:17:33:27 | user_origin | -| express-test.js:33:17:33:27 | user_origin | edges -| apollo-test.js:8:9:8:59 | user_origin | apollo-test.js:26:25:26:35 | user_origin | -| apollo-test.js:8:9:8:59 | user_origin | apollo-test.js:26:25:26:35 | user_origin | -| apollo-test.js:8:23:8:46 | url.par ... , true) | apollo-test.js:8:23:8:52 | url.par ... ).query | -| apollo-test.js:8:23:8:52 | url.par ... ).query | apollo-test.js:8:23:8:59 | url.par ... .origin | -| apollo-test.js:8:23:8:59 | url.par ... .origin | apollo-test.js:8:9:8:59 | user_origin | -| apollo-test.js:8:33:8:39 | req.url | apollo-test.js:8:23:8:46 | url.par ... , true) | -| apollo-test.js:8:33:8:39 | req.url | apollo-test.js:8:23:8:46 | url.par ... 
, true) | -| apollo-test.js:11:25:11:28 | true | apollo-test.js:11:25:11:28 | true | -| apollo-test.js:21:25:21:28 | null | apollo-test.js:21:25:21:28 | null | -| express-test.js:10:9:10:59 | user_origin | express-test.js:33:17:33:27 | user_origin | -| express-test.js:10:9:10:59 | user_origin | express-test.js:33:17:33:27 | user_origin | -| express-test.js:10:23:10:46 | url.par ... , true) | express-test.js:10:23:10:52 | url.par ... ).query | -| express-test.js:10:23:10:52 | url.par ... ).query | express-test.js:10:23:10:59 | url.par ... .origin | -| express-test.js:10:23:10:59 | url.par ... .origin | express-test.js:10:9:10:59 | user_origin | -| express-test.js:10:33:10:39 | req.url | express-test.js:10:23:10:46 | url.par ... , true) | -| express-test.js:10:33:10:39 | req.url | express-test.js:10:23:10:46 | url.par ... , true) | -| express-test.js:26:17:26:19 | '*' | express-test.js:26:17:26:19 | '*' | +| apollo-test.js:8:9:8:59 | user_origin | apollo-test.js:26:25:26:35 | user_origin | provenance | | +| apollo-test.js:8:9:8:59 | user_origin | apollo-test.js:26:25:26:35 | user_origin | provenance | | +| apollo-test.js:8:23:8:46 | url.par ... , true) | apollo-test.js:8:9:8:59 | user_origin | provenance | | +| apollo-test.js:8:23:8:46 | url.par ... , true) | apollo-test.js:8:9:8:59 | user_origin | provenance | | +| apollo-test.js:8:33:8:39 | req.url | apollo-test.js:8:23:8:46 | url.par ... , true) | provenance | | +| apollo-test.js:8:42:8:45 | true | apollo-test.js:8:23:8:46 | url.par ... , true) | provenance | | +| express-test.js:10:9:10:59 | user_origin | express-test.js:33:17:33:27 | user_origin | provenance | | +| express-test.js:10:23:10:46 | url.par ... , true) | express-test.js:10:9:10:59 | user_origin | provenance | | +| express-test.js:10:33:10:39 | req.url | express-test.js:10:23:10:46 | url.par ... 
, true) | provenance | | +nodes +| apollo-test.js:8:9:8:59 | user_origin | semmle.label | user_origin | +| apollo-test.js:8:9:8:59 | user_origin | semmle.label | user_origin | +| apollo-test.js:8:23:8:46 | url.par ... , true) | semmle.label | url.par ... , true) | +| apollo-test.js:8:23:8:46 | url.par ... , true) | semmle.label | url.par ... , true) | +| apollo-test.js:8:33:8:39 | req.url | semmle.label | req.url | +| apollo-test.js:8:42:8:45 | true | semmle.label | true | +| apollo-test.js:11:25:11:28 | true | semmle.label | true | +| apollo-test.js:21:25:21:28 | null | semmle.label | null | +| apollo-test.js:26:25:26:35 | user_origin | semmle.label | user_origin | +| apollo-test.js:26:25:26:35 | user_origin | semmle.label | user_origin | +| express-test.js:10:9:10:59 | user_origin | semmle.label | user_origin | +| express-test.js:10:23:10:46 | url.par ... , true) | semmle.label | url.par ... , true) | +| express-test.js:10:33:10:39 | req.url | semmle.label | req.url | +| express-test.js:26:17:26:19 | '*' | semmle.label | '*' | +| express-test.js:33:17:33:27 | user_origin | semmle.label | user_origin | +subpaths #select | apollo-test.js:11:25:11:28 | true | apollo-test.js:11:25:11:28 | true | apollo-test.js:11:25:11:28 | true | CORS Origin misconfiguration due to a $@. | apollo-test.js:11:25:11:28 | true | too permissive or user controlled value | | apollo-test.js:21:25:21:28 | null | apollo-test.js:21:25:21:28 | null | apollo-test.js:21:25:21:28 | null | CORS Origin misconfiguration due to a $@. | apollo-test.js:21:25:21:28 | null | too permissive or user controlled value | | apollo-test.js:26:25:26:35 | user_origin | apollo-test.js:8:33:8:39 | req.url | apollo-test.js:26:25:26:35 | user_origin | CORS Origin misconfiguration due to a $@. 
| apollo-test.js:8:33:8:39 | req.url | too permissive or user controlled value | +| apollo-test.js:26:25:26:35 | user_origin | apollo-test.js:8:42:8:45 | true | apollo-test.js:26:25:26:35 | user_origin | CORS Origin misconfiguration due to a $@. | apollo-test.js:8:42:8:45 | true | too permissive or user controlled value | | express-test.js:26:17:26:19 | '*' | express-test.js:26:17:26:19 | '*' | express-test.js:26:17:26:19 | '*' | CORS Origin misconfiguration due to a $@. | express-test.js:26:17:26:19 | '*' | too permissive or user controlled value | | express-test.js:33:17:33:27 | user_origin | express-test.js:10:33:10:39 | req.url | express-test.js:33:17:33:27 | user_origin | CORS Origin misconfiguration due to a $@. | express-test.js:10:33:10:39 | req.url | too permissive or user controlled value | diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.expected b/javascript/ql/test/library-tests/Arrays/DataFlow.expected index 07fabfb7270..e1e80ee50ff 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected @@ -1,9 +1,13 @@ +legacyDataFlowDifference +| arrays.js:2:16:2:23 | "source" | arrays.js:58:8:58:13 | arr[0] | only flow with NEW data flow library | +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() | | arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | +| arrays.js:2:16:2:23 | "source" | arrays.js:58:8:58:13 | arr[0] | | arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:69:10:69:10 | x | 
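Review bot: In CorsPermissiveConfiguration.expected, the added #select row reports `apollo-test.js:8:42:8:45 | true` as the source for the alert on `user_origin` at 26:25. According to the added edge, that `true` is an argument of the `url.par ... , true)` call at 8:23:8:46, not a CORS origin value, so this looks like a spurious result introduced by the migration. The equivalent call in express-test.js (10:23:10:46) gets no such node, edge or row. Either stop the literal `true` source from flowing through the `url.parse` call, or mark the row as a known false positive so the expected file does not read as intended behaviour.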
@@ -13,8 +17,8 @@ | arrays.js:2:16:2:23 | "source" | arrays.js:86:8:86:35 | arrayFi ... llback) | | arrays.js:2:16:2:23 | "source" | arrays.js:90:10:90:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:93:8:93:17 | arr.at(-1) | -| arrays.js:2:16:2:23 | "source" | arrays.js:109:8:109:24 | arr8_spread.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:111:8:111:33 | arr.fin ... llback) | +| arrays.js:2:16:2:23 | "source" | arrays.js:110:8:110:24 | arr8_spread.pop() | +| arrays.js:2:16:2:23 | "source" | arrays.js:112:8:112:33 | arr.fin ... llback) | | arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e | | arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() | | arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() | 
@@ -24,10 +28,12 @@ | arrays.js:29:21:29:28 | "source" | arrays.js:50:8:50:17 | arr6.pop() | | arrays.js:33:37:33:44 | "source" | arrays.js:35:8:35:25 | arr4_variant.pop() | | arrays.js:53:4:53:11 | "source" | arrays.js:54:10:54:18 | ary.pop() | -| arrays.js:99:31:99:38 | "source" | arrays.js:100:8:100:17 | arr8.pop() | -| arrays.js:103:55:103:62 | "source" | arrays.js:105:8:105:25 | arr8_variant.pop() | -| arrays.js:114:19:114:26 | "source" | arrays.js:115:50:115:53 | item | -| arrays.js:114:19:114:26 | "source" | arrays.js:116:10:116:16 | element | -| arrays.js:120:19:120:26 | "source" | arrays.js:121:46:121:49 | item | -| arrays.js:120:19:120:26 | "source" | arrays.js:122:10:122:16 | element | -| arrays.js:126:19:126:26 | "source" | arrays.js:127:55:127:58 | item | +| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:40 | ["sourc ... ).pop() | +| arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... ).pop() | +| arrays.js:100:31:100:38 | "source" | arrays.js:101:8:101:17 | arr8.pop() | +| arrays.js:104:55:104:62 | "source" | arrays.js:106:8:106:25 | arr8_variant.pop() | +| arrays.js:115:19:115:26 | "source" | arrays.js:116:50:116:53 | item | +| arrays.js:115:19:115:26 | "source" | arrays.js:117:10:117:16 | element | +| arrays.js:121:19:121:26 | "source" | arrays.js:122:46:122:49 | item | +| arrays.js:121:19:121:26 | "source" | arrays.js:123:10:123:16 | element | +| arrays.js:127:19:127:26 | "source" | arrays.js:128:55:128:58 | item | diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.ql b/javascript/ql/test/library-tests/Arrays/DataFlow.ql index 5c5f4a0d10e..addafce5497 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.ql 
@@ -1,18 +1,26 @@ import javascript -class ArrayFlowConfig extends DataFlow::Configuration { - ArrayFlowConfig() { this = "ArrayFlowConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" or source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = DataFlow::Global; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected index 246a52e803b..c6456744a29 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | 
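Review bot: In the DataFlow.ql hunk, `module TestFlow = DataFlow::Global;` is shown without a module argument. `DataFlow::Global` is parameterised over a module implementing `DataFlow::ConfigSig`, so the line should read `module TestFlow = DataFlow::Global<TestConfig>;`, otherwise `TestFlow::flow/2` has no configuration to resolve against. The same applies to `module TestFlow = TaintTracking::Global;` in TaintFlow.ql. It would also help to add a one-line comment above `LegacyConfig` saying it exists only to feed the `legacyDataFlowDifference` predicate from `utils.test.LegacyDataFlowDiff`.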
@@ -14,8 +16,8 @@ | arrays.js:2:16:2:23 | "source" | arrays.js:86:8:86:35 | arrayFi ... llback) | | arrays.js:2:16:2:23 | "source" | arrays.js:90:10:90:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:93:8:93:17 | arr.at(-1) | -| arrays.js:2:16:2:23 | "source" | arrays.js:109:8:109:24 | arr8_spread.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:111:8:111:33 | arr.fin ... llback) | +| arrays.js:2:16:2:23 | "source" | arrays.js:110:8:110:24 | arr8_spread.pop() | +| arrays.js:2:16:2:23 | "source" | arrays.js:112:8:112:33 | arr.fin ... llback) | | arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e | | arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() | | arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() | 
@@ -26,17 +28,18 @@ | arrays.js:33:37:33:44 | "source" | arrays.js:35:8:35:25 | arr4_variant.pop() | | arrays.js:53:4:53:11 | "source" | arrays.js:54:10:54:18 | ary.pop() | | arrays.js:53:4:53:11 | "source" | arrays.js:55:10:55:12 | ary | -| arrays.js:95:9:95:16 | "source" | arrays.js:95:8:95:34 | ["sourc ... ) => x) | -| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:36 | ["sourc ... => !!x) | -| arrays.js:99:31:99:38 | "source" | arrays.js:100:8:100:17 | arr8.pop() | -| arrays.js:103:55:103:62 | "source" | arrays.js:105:8:105:25 | arr8_variant.pop() | -| arrays.js:114:19:114:26 | "source" | arrays.js:115:50:115:53 | item | -| arrays.js:114:19:114:26 | "source" | arrays.js:116:10:116:16 | element | -| arrays.js:120:19:120:26 | "source" | arrays.js:121:46:121:49 | item | -| arrays.js:120:19:120:26 | "source" | arrays.js:122:10:122:16 | element | -| arrays.js:126:19:126:26 | "source" | arrays.js:127:55:127:58 | item | -| arrays.js:131:17:131:24 | source() | arrays.js:132:46:132:49 | item | -| arrays.js:131:17:131:24 | source() | arrays.js:133:10:133:17 | element1 | -| arrays.js:137:17:137:24 | source() | arrays.js:138:50:138:53 | item | -| arrays.js:137:17:137:24 | source() | arrays.js:139:10:139:17 | element1 | -| arrays.js:143:17:143:24 | source() | arrays.js:144:55:144:58 | item | +| arrays.js:95:9:95:16 | "source" | arrays.js:95:8:95:17 | ["source"] | +| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:40 | ["sourc ... ).pop() | +| arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... 
).pop() | +| arrays.js:100:31:100:38 | "source" | arrays.js:101:8:101:17 | arr8.pop() | +| arrays.js:104:55:104:62 | "source" | arrays.js:106:8:106:25 | arr8_variant.pop() | +| arrays.js:115:19:115:26 | "source" | arrays.js:116:50:116:53 | item | +| arrays.js:115:19:115:26 | "source" | arrays.js:117:10:117:16 | element | +| arrays.js:121:19:121:26 | "source" | arrays.js:122:46:122:49 | item | +| arrays.js:121:19:121:26 | "source" | arrays.js:123:10:123:16 | element | +| arrays.js:127:19:127:26 | "source" | arrays.js:128:55:128:58 | item | +| arrays.js:132:17:132:24 | source() | arrays.js:133:46:133:49 | item | +| arrays.js:132:17:132:24 | source() | arrays.js:134:10:134:17 | element1 | +| arrays.js:138:17:138:24 | source() | arrays.js:139:50:139:53 | item | +| arrays.js:138:17:138:24 | source() | arrays.js:140:10:140:17 | element1 | +| arrays.js:144:17:144:24 | source() | arrays.js:145:55:145:58 | item | diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql index d8f18759162..d6040117674 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql 
@@ -1,18 +1,26 @@ import javascript -class ArrayTaintFlowConfig extends TaintTracking::Configuration { - ArrayTaintFlowConfig() { this = "ArrayTaintFlowConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" or source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayTaintFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Arrays/arrays.js b/javascript/ql/test/library-tests/Arrays/arrays.js index deedf29f6f6..7c60d776c69 100644 --- a/javascript/ql/test/library-tests/Arrays/arrays.js +++ b/javascript/ql/test/library-tests/Arrays/arrays.js @@ -55,7 +55,7 @@ sink(ary); // OK - its the array itself, not an element. }); - sink(arr[0]); // OK - tuple like usage. + sink(arr[0]); // NOT OK for (const x of arr) { sink(x); // NOT OK 
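Review bot: In the arrays.js hunk at line 58, `sink(arr[0]); // NOT OK` drops the old rationale ("tuple like usage") and gives no reason for the flipped expectation. DataFlow.expected in this patch lists exactly this flow under `legacyDataFlowDifference` as "only flow with NEW data flow library", so the comment should say that, for example `// NOT OK - reported by the new data flow library only`. Without it, the next reader cannot tell whether this is an intended precision change or a regression.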
@@ -92,9 +92,10 @@ sink(arr.at(-1)); // NOT OK - sink(["source"].filter((x) => x)); // NOT OK - sink(["source"].filter((x) => !!x)); // NOT OK - + sink(["source"]); // OK - for now, array element do not taint the entire array + sink(["source"].filter((x) => x).pop()); // NOT OK + sink(["source"].filter((x) => !!x).pop()); // NOT OK + var arr8 = []; arr8 = arr8.toSpliced(0, 0, "source"); sink(arr8.pop()); // NOT OK diff --git a/javascript/ql/test/library-tests/Arrays/printAst.expected b/javascript/ql/test/library-tests/Arrays/printAst.expected index a825b12f3fb..e79ac5ce84e 100644 --- a/javascript/ql/test/library-tests/Arrays/printAst.expected +++ b/javascript/ql/test/library-tests/Arrays/printAst.expected 
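Review bot: The comment on the added `sink(["source"]);` line (arrays.js:95) says `OK`, but TaintFlow.expected in this same patch adds the row `arrays.js:95:9:95:16 | "source" | arrays.js:95:8:95:17 | ["source"]`, so the taint-tracking test does report it. Only DataFlow.expected has no row for line 95. Qualify the comment so it matches both expected files (OK for data flow, reported by taint tracking), and fix the grammar while there: "array elements do not taint the entire array".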
@@ -1,9 +1,9 @@ nodes -| arrays.js:1:1:147:2 | [ParExpr] (functi ... } }) | semmle.label | [ParExpr] (functi ... } }) | -| arrays.js:1:1:147:3 | [ExprStmt] (functi ... } }); | semmle.label | [ExprStmt] (functi ... } }); | -| arrays.js:1:1:147:3 | [ExprStmt] (functi ... } }); | semmle.order | 1 | -| arrays.js:1:2:147:1 | [FunctionExpr] functio ... K } } | semmle.label | [FunctionExpr] functio ... K } } | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | semmle.label | [BlockStmt] { let ... K } } | +| arrays.js:1:1:148:2 | [ParExpr] (functi ... } }) | semmle.label | [ParExpr] (functi ... } }) | +| arrays.js:1:1:148:3 | [ExprStmt] (functi ... } }); | semmle.label | [ExprStmt] (functi ... } }); | +| arrays.js:1:1:148:3 | [ExprStmt] (functi ... } }); | semmle.order | 1 | +| arrays.js:1:2:148:1 | [FunctionExpr] functio ... K } } | semmle.label | [FunctionExpr] functio ... K } } | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | semmle.label | [BlockStmt] { let ... K } } | | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | [DeclStmt] let source = ... | | arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | [VarDecl] source | | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | [VariableDeclarator] source = "source" | 
@@ -394,239 +394,251 @@ nodes | arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.label | [UnaryExpr] -1 | | arrays.js:93:16:93:16 | [Literal] 1 | semmle.label | [Literal] 1 | | arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | semmle.label | [CallExpr] sink([" ... => x)) | -| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.label | [ExprStmt] sink([" ... => x)); | +| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.label | [CallExpr] sink(["source"]) | +| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.label | [ExprStmt] sink(["source"]); | | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | -| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter | -| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | [MethodCallExpr] ["sourc ... ) => x) | | arrays.js:95:9:95:16 | [Literal] "source" | semmle.label | [Literal] "source" | -| arrays.js:95:19:95:24 | [Label] filter | semmle.label | [Label] filter | -| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.label | [ArrowFunctionExpr] (x) => x | -| arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x | -| arrays.js:95:33:95:33 | [VarRef] x | semmle.label | [VarRef] x | | arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.label | [CallExpr] sink([" ... > !!x)) | -| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.label | [ExprStmt] sink([" ... !!x)); | +| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | semmle.label | [CallExpr] sink([" ... .pop()) | +| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.label | [ExprStmt] sink([" ... 
pop()); | | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter | -| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | [MethodCallExpr] ["sourc ... => !!x) | +| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | [MethodCallExpr] ["sourc ... ) => x) | +| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | semmle.label | [DotExpr] ["sourc ... x).pop | +| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | [MethodCallExpr] ["sourc ... ).pop() | | arrays.js:96:9:96:16 | [Literal] "source" | semmle.label | [Literal] "source" | | arrays.js:96:19:96:24 | [Label] filter | semmle.label | [Label] filter | -| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | [ArrowFunctionExpr] (x) => !!x | +| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.label | [ArrowFunctionExpr] (x) => x | | arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x | -| arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.label | [UnaryExpr] !!x | -| arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.label | [UnaryExpr] !x | -| arrays.js:96:35:96:35 | [VarRef] x | semmle.label | [VarRef] x | -| arrays.js:98:3:98:16 | [DeclStmt] var arr8 = ... | semmle.label | [DeclStmt] var arr8 = ... | -| arrays.js:98:7:98:10 | [VarDecl] arr8 | semmle.label | [VarDecl] arr8 | -| arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | semmle.label | [VariableDeclarator] arr8 = [] | -| arrays.js:98:14:98:15 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | -| arrays.js:99:3:99:6 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | -| arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | semmle.label | [AssignExpr] arr8 = ... ource") | -| arrays.js:99:3:99:40 | [ExprStmt] arr8 = ... urce"); | semmle.label | [ExprStmt] arr8 = ... 
urce"); | -| arrays.js:99:10:99:13 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | -| arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | semmle.label | [DotExpr] arr8.toSpliced | -| arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | semmle.label | [MethodCallExpr] arr8.to ... ource") | -| arrays.js:99:15:99:23 | [Label] toSpliced | semmle.label | [Label] toSpliced | -| arrays.js:99:25:99:25 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:99:28:99:28 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:99:31:99:38 | [Literal] "source" | semmle.label | [Literal] "source" | -| arrays.js:100:3:100:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | semmle.label | [CallExpr] sink(arr8.pop()) | -| arrays.js:100:3:100:19 | [ExprStmt] sink(arr8.pop()); | semmle.label | [ExprStmt] sink(arr8.pop()); | -| arrays.js:100:8:100:11 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | -| arrays.js:100:8:100:15 | [DotExpr] arr8.pop | semmle.label | [DotExpr] arr8.pop | -| arrays.js:100:8:100:17 | [MethodCallExpr] arr8.pop() | semmle.label | [MethodCallExpr] arr8.pop() | -| arrays.js:100:13:100:15 | [Label] pop | semmle.label | [Label] pop | -| arrays.js:102:3:102:24 | [DeclStmt] var arr8_variant = ... | semmle.label | [DeclStmt] var arr8_variant = ... | -| arrays.js:102:7:102:18 | [VarDecl] arr8_variant | semmle.label | [VarDecl] arr8_variant | -| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | semmle.label | [VariableDeclarator] arr8_variant = [] | -| arrays.js:102:22:102:23 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | -| arrays.js:103:3:103:14 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | -| arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | semmle.label | [AssignExpr] arr8_va ... ource") | -| arrays.js:103:3:103:64 | [ExprStmt] arr8_va ... urce"); | semmle.label | [ExprStmt] arr8_va ... 
urce"); | -| arrays.js:103:18:103:29 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | -| arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | semmle.label | [DotExpr] arr8_va ... Spliced | -| arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | semmle.label | [MethodCallExpr] arr8_va ... ource") | -| arrays.js:103:31:103:39 | [Label] toSpliced | semmle.label | [Label] toSpliced | -| arrays.js:103:41:103:41 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:103:44:103:44 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:103:47:103:52 | [Literal] "safe" | semmle.label | [Literal] "safe" | -| arrays.js:103:55:103:62 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:96:33:96:33 | [VarRef] x | semmle.label | [VarRef] x | +| arrays.js:96:36:96:38 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:97:3:97:6 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.label | [CallExpr] sink([" ... .pop()) | +| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | semmle.label | [ExprStmt] sink([" ... pop()); | +| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | +| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter | +| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | [MethodCallExpr] ["sourc ... => !!x) | +| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | semmle.label | [DotExpr] ["sourc ... !x).pop | +| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | [MethodCallExpr] ["sourc ... 
).pop() | +| arrays.js:97:9:97:16 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:97:19:97:24 | [Label] filter | semmle.label | [Label] filter | +| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | [ArrowFunctionExpr] (x) => !!x | +| arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x | +| arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.label | [UnaryExpr] !!x | +| arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.label | [UnaryExpr] !x | +| arrays.js:97:35:97:35 | [VarRef] x | semmle.label | [VarRef] x | +| arrays.js:97:38:97:40 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:99:3:99:16 | [DeclStmt] var arr8 = ... | semmle.label | [DeclStmt] var arr8 = ... | +| arrays.js:99:7:99:10 | [VarDecl] arr8 | semmle.label | [VarDecl] arr8 | +| arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | semmle.label | [VariableDeclarator] arr8 = [] | +| arrays.js:99:14:99:15 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | +| arrays.js:100:3:100:6 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | +| arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | semmle.label | [AssignExpr] arr8 = ... ource") | +| arrays.js:100:3:100:40 | [ExprStmt] arr8 = ... urce"); | semmle.label | [ExprStmt] arr8 = ... urce"); | +| arrays.js:100:10:100:13 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | +| arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | semmle.label | [DotExpr] arr8.toSpliced | +| arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... ource") | semmle.label | [MethodCallExpr] arr8.to ... 
ource") | +| arrays.js:100:15:100:23 | [Label] toSpliced | semmle.label | [Label] toSpliced | +| arrays.js:100:25:100:25 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:100:28:100:28 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:100:31:100:38 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:101:3:101:6 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | semmle.label | [CallExpr] sink(arr8.pop()) | +| arrays.js:101:3:101:19 | [ExprStmt] sink(arr8.pop()); | semmle.label | [ExprStmt] sink(arr8.pop()); | +| arrays.js:101:8:101:11 | [VarRef] arr8 | semmle.label | [VarRef] arr8 | +| arrays.js:101:8:101:15 | [DotExpr] arr8.pop | semmle.label | [DotExpr] arr8.pop | +| arrays.js:101:8:101:17 | [MethodCallExpr] arr8.pop() | semmle.label | [MethodCallExpr] arr8.pop() | +| arrays.js:101:13:101:15 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:103:3:103:24 | [DeclStmt] var arr8_variant = ... | semmle.label | [DeclStmt] var arr8_variant = ... | +| arrays.js:103:7:103:18 | [VarDecl] arr8_variant | semmle.label | [VarDecl] arr8_variant | +| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | semmle.label | [VariableDeclarator] arr8_variant = [] | +| arrays.js:103:22:103:23 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | | arrays.js:104:3:104:14 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | -| arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | semmle.label | [DotExpr] arr8_variant.pop | -| arrays.js:104:3:104:20 | [MethodCallExpr] arr8_variant.pop() | semmle.label | [MethodCallExpr] arr8_variant.pop() | -| arrays.js:104:3:104:21 | [ExprStmt] arr8_variant.pop(); | semmle.label | [ExprStmt] arr8_variant.pop(); | -| arrays.js:104:16:104:18 | [Label] pop | semmle.label | [Label] pop | -| arrays.js:105:3:105:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:105:3:105:26 | [CallExpr] sink(ar ... 
.pop()) | semmle.label | [CallExpr] sink(ar ... .pop()) | -| arrays.js:105:3:105:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | [ExprStmt] sink(ar ... pop()); | -| arrays.js:105:8:105:19 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | -| arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | semmle.label | [DotExpr] arr8_variant.pop | -| arrays.js:105:8:105:25 | [MethodCallExpr] arr8_variant.pop() | semmle.label | [MethodCallExpr] arr8_variant.pop() | -| arrays.js:105:21:105:23 | [Label] pop | semmle.label | [Label] pop | -| arrays.js:107:3:107:23 | [DeclStmt] var arr8_spread = ... | semmle.label | [DeclStmt] var arr8_spread = ... | -| arrays.js:107:7:107:17 | [VarDecl] arr8_spread | semmle.label | [VarDecl] arr8_spread | -| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | semmle.label | [VariableDeclarator] arr8_spread = [] | -| arrays.js:107:21:107:22 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | -| arrays.js:108:3:108:13 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | -| arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.label | [AssignExpr] arr8_sp ... ...arr) | -| arrays.js:108:3:108:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.label | [ExprStmt] arr8_sp ... ..arr); | -| arrays.js:108:17:108:27 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | -| arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | semmle.label | [DotExpr] arr8_sp ... Spliced | -| arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.label | [MethodCallExpr] arr8_sp ... 
...arr) | -| arrays.js:108:29:108:37 | [Label] toSpliced | semmle.label | [Label] toSpliced | -| arrays.js:108:39:108:39 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:108:42:108:42 | [Literal] 0 | semmle.label | [Literal] 0 | -| arrays.js:108:45:108:50 | [SpreadElement] ...arr | semmle.label | [SpreadElement] ...arr | -| arrays.js:108:48:108:50 | [VarRef] arr | semmle.label | [VarRef] arr | -| arrays.js:109:3:109:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | semmle.label | [CallExpr] sink(ar ... .pop()) | -| arrays.js:109:3:109:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | [ExprStmt] sink(ar ... pop()); | -| arrays.js:109:8:109:18 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | -| arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | semmle.label | [DotExpr] arr8_spread.pop | -| arrays.js:109:8:109:24 | [MethodCallExpr] arr8_spread.pop() | semmle.label | [MethodCallExpr] arr8_spread.pop() | -| arrays.js:109:20:109:22 | [Label] pop | semmle.label | [Label] pop | -| arrays.js:111:3:111:6 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | semmle.label | [CallExpr] sink(ar ... lback)) | -| arrays.js:111:3:111:35 | [ExprStmt] sink(ar ... back)); | semmle.label | [ExprStmt] sink(ar ... back)); | -| arrays.js:111:8:111:10 | [VarRef] arr | semmle.label | [VarRef] arr | -| arrays.js:111:8:111:19 | [DotExpr] arr.findLast | semmle.label | [DotExpr] arr.findLast | -| arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | semmle.label | [MethodCallExpr] arr.fin ... llback) | -| arrays.js:111:12:111:19 | [Label] findLast | semmle.label | [Label] findLast | -| arrays.js:111:21:111:32 | [VarRef] someCallback | semmle.label | [VarRef] someCallback | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | semmle.label | [BlockStmt] { // T ... OK } | -| arrays.js:114:5:114:28 | [DeclStmt] const list = ... 
| semmle.label | [DeclStmt] const list = ... | -| arrays.js:114:11:114:14 | [VarDecl] list | semmle.label | [VarDecl] list | -| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | -| arrays.js:114:18:114:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | -| arrays.js:114:19:114:26 | [Literal] "source" | semmle.label | [Literal] "source" | -| arrays.js:115:5:115:56 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... | -| arrays.js:115:11:115:17 | [VarDecl] element | semmle.label | [VarDecl] element | -| arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | -| arrays.js:115:21:115:24 | [VarRef] list | semmle.label | [VarRef] list | -| arrays.js:115:21:115:33 | [DotExpr] list.findLast | semmle.label | [DotExpr] list.findLast | -| arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... (item)) | -| arrays.js:115:26:115:33 | [Label] findLast | semmle.label | [Label] findLast | -| arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:115:36:115:39 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:115:45:115:48 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:115:45:115:54 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:115:50:115:53 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:116:5:116:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:116:5:116:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | -| arrays.js:116:5:116:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | -| arrays.js:116:10:116:16 | [VarRef] element | semmle.label | [VarRef] element | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... 
OK } | semmle.label | [BlockStmt] { // T ... OK } | -| arrays.js:120:5:120:28 | [DeclStmt] const list = ... | semmle.label | [DeclStmt] const list = ... | -| arrays.js:120:11:120:14 | [VarDecl] list | semmle.label | [VarDecl] list | -| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | -| arrays.js:120:18:120:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | -| arrays.js:120:19:120:26 | [Literal] "source" | semmle.label | [Literal] "source" | -| arrays.js:121:5:121:52 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... | -| arrays.js:121:11:121:17 | [VarDecl] element | semmle.label | [VarDecl] element | -| arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | -| arrays.js:121:21:121:24 | [VarRef] list | semmle.label | [VarRef] list | -| arrays.js:121:21:121:29 | [DotExpr] list.find | semmle.label | [DotExpr] list.find | -| arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... 
(item)) | -| arrays.js:121:26:121:29 | [Label] find | semmle.label | [Label] find | -| arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:121:32:121:35 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:121:41:121:44 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:121:41:121:50 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:121:46:121:49 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:122:5:122:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:122:5:122:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | -| arrays.js:122:5:122:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | -| arrays.js:122:10:122:16 | [VarRef] element | semmle.label | [VarRef] element | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | semmle.label | [BlockStmt] { // T ... OK } | -| arrays.js:126:5:126:28 | [DeclStmt] const list = ... | semmle.label | [DeclStmt] const list = ... | -| arrays.js:126:11:126:14 | [VarDecl] list | semmle.label | [VarDecl] list | -| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | -| arrays.js:126:18:126:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | -| arrays.js:126:19:126:26 | [Literal] "source" | semmle.label | [Literal] "source" | -| arrays.js:127:5:127:61 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... | -| arrays.js:127:11:127:17 | [VarDecl] element | semmle.label | [VarDecl] element | -| arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... 
(item)) | -| arrays.js:127:21:127:24 | [VarRef] list | semmle.label | [VarRef] list | -| arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | semmle.label | [DotExpr] list.findLastIndex | -| arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... (item)) | -| arrays.js:127:26:127:38 | [Label] findLastIndex | semmle.label | [Label] findLastIndex | -| arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:127:41:127:44 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:127:50:127:53 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:127:50:127:59 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:127:55:127:58 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:128:5:128:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:128:5:128:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | -| arrays.js:128:5:128:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | -| arrays.js:128:10:128:16 | [VarRef] element | semmle.label | [VarRef] element | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | semmle.label | [BlockStmt] { c ... OK } | -| arrays.js:131:5:131:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... | -| arrays.js:131:11:131:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | -| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | -| arrays.js:131:17:131:22 | [VarRef] source | semmle.label | [VarRef] source | -| arrays.js:131:17:131:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | -| arrays.js:132:5:132:52 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... 
| -| arrays.js:132:11:132:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | -| arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | -| arrays.js:132:22:132:24 | [VarRef] arr | semmle.label | [VarRef] arr | -| arrays.js:132:22:132:29 | [DotExpr] arr.find | semmle.label | [DotExpr] arr.find | -| arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... (item)) | -| arrays.js:132:26:132:29 | [Label] find | semmle.label | [Label] find | -| arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:132:32:132:35 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:132:41:132:44 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:132:41:132:50 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:132:46:132:49 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:133:5:133:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:133:5:133:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | -| arrays.js:133:5:133:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | -| arrays.js:133:10:133:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | semmle.label | [BlockStmt] { c ... OK } | -| arrays.js:137:5:137:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... 
| -| arrays.js:137:11:137:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | -| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | -| arrays.js:137:17:137:22 | [VarRef] source | semmle.label | [VarRef] source | -| arrays.js:137:17:137:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | -| arrays.js:138:5:138:56 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... | -| arrays.js:138:11:138:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | -| arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | -| arrays.js:138:22:138:24 | [VarRef] arr | semmle.label | [VarRef] arr | -| arrays.js:138:22:138:33 | [DotExpr] arr.findLast | semmle.label | [DotExpr] arr.findLast | -| arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... (item)) | -| arrays.js:138:26:138:33 | [Label] findLast | semmle.label | [Label] findLast | -| arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:138:36:138:39 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:138:45:138:48 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:138:45:138:54 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:138:50:138:53 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:139:5:139:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:139:5:139:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | -| arrays.js:139:5:139:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | -| arrays.js:139:10:139:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | semmle.label | [BlockStmt] { c ... 
OK } | -| arrays.js:143:5:143:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... | -| arrays.js:143:11:143:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | -| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | -| arrays.js:143:17:143:22 | [VarRef] source | semmle.label | [VarRef] source | -| arrays.js:143:17:143:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | -| arrays.js:144:5:144:61 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... | -| arrays.js:144:11:144:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | -| arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | -| arrays.js:144:22:144:24 | [VarRef] arr | semmle.label | [VarRef] arr | -| arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | semmle.label | [DotExpr] arr.findLastIndex | -| arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... 
(item)) | -| arrays.js:144:26:144:38 | [Label] findLastIndex | semmle.label | [Label] findLastIndex | -| arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | -| arrays.js:144:41:144:44 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | -| arrays.js:144:50:144:53 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:144:50:144:59 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | -| arrays.js:144:55:144:58 | [VarRef] item | semmle.label | [VarRef] item | -| arrays.js:145:5:145:8 | [VarRef] sink | semmle.label | [VarRef] sink | -| arrays.js:145:5:145:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | -| arrays.js:145:5:145:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | -| arrays.js:145:10:145:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | +| arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | semmle.label | [AssignExpr] arr8_va ... ource") | +| arrays.js:104:3:104:64 | [ExprStmt] arr8_va ... urce"); | semmle.label | [ExprStmt] arr8_va ... urce"); | +| arrays.js:104:18:104:29 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | +| arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | semmle.label | [DotExpr] arr8_va ... Spliced | +| arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | semmle.label | [MethodCallExpr] arr8_va ... 
ource") | +| arrays.js:104:31:104:39 | [Label] toSpliced | semmle.label | [Label] toSpliced | +| arrays.js:104:41:104:41 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:104:44:104:44 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:104:47:104:52 | [Literal] "safe" | semmle.label | [Literal] "safe" | +| arrays.js:104:55:104:62 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:105:3:105:14 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | +| arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | semmle.label | [DotExpr] arr8_variant.pop | +| arrays.js:105:3:105:20 | [MethodCallExpr] arr8_variant.pop() | semmle.label | [MethodCallExpr] arr8_variant.pop() | +| arrays.js:105:3:105:21 | [ExprStmt] arr8_variant.pop(); | semmle.label | [ExprStmt] arr8_variant.pop(); | +| arrays.js:105:16:105:18 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:106:3:106:6 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | semmle.label | [CallExpr] sink(ar ... .pop()) | +| arrays.js:106:3:106:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | [ExprStmt] sink(ar ... pop()); | +| arrays.js:106:8:106:19 | [VarRef] arr8_variant | semmle.label | [VarRef] arr8_variant | +| arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | semmle.label | [DotExpr] arr8_variant.pop | +| arrays.js:106:8:106:25 | [MethodCallExpr] arr8_variant.pop() | semmle.label | [MethodCallExpr] arr8_variant.pop() | +| arrays.js:106:21:106:23 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:108:3:108:23 | [DeclStmt] var arr8_spread = ... | semmle.label | [DeclStmt] var arr8_spread = ... 
| +| arrays.js:108:7:108:17 | [VarDecl] arr8_spread | semmle.label | [VarDecl] arr8_spread | +| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | semmle.label | [VariableDeclarator] arr8_spread = [] | +| arrays.js:108:21:108:22 | [ArrayExpr] [] | semmle.label | [ArrayExpr] [] | +| arrays.js:109:3:109:13 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | +| arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.label | [AssignExpr] arr8_sp ... ...arr) | +| arrays.js:109:3:109:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.label | [ExprStmt] arr8_sp ... ..arr); | +| arrays.js:109:17:109:27 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | +| arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | semmle.label | [DotExpr] arr8_sp ... Spliced | +| arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.label | [MethodCallExpr] arr8_sp ... ...arr) | +| arrays.js:109:29:109:37 | [Label] toSpliced | semmle.label | [Label] toSpliced | +| arrays.js:109:39:109:39 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:109:42:109:42 | [Literal] 0 | semmle.label | [Literal] 0 | +| arrays.js:109:45:109:50 | [SpreadElement] ...arr | semmle.label | [SpreadElement] ...arr | +| arrays.js:109:48:109:50 | [VarRef] arr | semmle.label | [VarRef] arr | +| arrays.js:110:3:110:6 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | semmle.label | [CallExpr] sink(ar ... .pop()) | +| arrays.js:110:3:110:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | [ExprStmt] sink(ar ... 
pop()); | +| arrays.js:110:8:110:18 | [VarRef] arr8_spread | semmle.label | [VarRef] arr8_spread | +| arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | semmle.label | [DotExpr] arr8_spread.pop | +| arrays.js:110:8:110:24 | [MethodCallExpr] arr8_spread.pop() | semmle.label | [MethodCallExpr] arr8_spread.pop() | +| arrays.js:110:20:110:22 | [Label] pop | semmle.label | [Label] pop | +| arrays.js:112:3:112:6 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | semmle.label | [CallExpr] sink(ar ... lback)) | +| arrays.js:112:3:112:35 | [ExprStmt] sink(ar ... back)); | semmle.label | [ExprStmt] sink(ar ... back)); | +| arrays.js:112:8:112:10 | [VarRef] arr | semmle.label | [VarRef] arr | +| arrays.js:112:8:112:19 | [DotExpr] arr.findLast | semmle.label | [DotExpr] arr.findLast | +| arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | semmle.label | [MethodCallExpr] arr.fin ... llback) | +| arrays.js:112:12:112:19 | [Label] findLast | semmle.label | [Label] findLast | +| arrays.js:112:21:112:32 | [VarRef] someCallback | semmle.label | [VarRef] someCallback | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | semmle.label | [BlockStmt] { // T ... OK } | +| arrays.js:115:5:115:28 | [DeclStmt] const list = ... | semmle.label | [DeclStmt] const list = ... | +| arrays.js:115:11:115:14 | [VarDecl] list | semmle.label | [VarDecl] list | +| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | +| arrays.js:115:18:115:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | +| arrays.js:115:19:115:26 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:116:5:116:56 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... | +| arrays.js:116:11:116:17 | [VarDecl] element | semmle.label | [VarDecl] element | +| arrays.js:116:11:116:55 | [VariableDeclarator] element ... 
(item)) | semmle.label | [VariableDeclarator] element ... (item)) | +| arrays.js:116:21:116:24 | [VarRef] list | semmle.label | [VarRef] list | +| arrays.js:116:21:116:33 | [DotExpr] list.findLast | semmle.label | [DotExpr] list.findLast | +| arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... (item)) | +| arrays.js:116:26:116:33 | [Label] findLast | semmle.label | [Label] findLast | +| arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:116:36:116:39 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:116:45:116:48 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:116:45:116:54 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:116:50:116:53 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:117:5:117:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:117:5:117:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | +| arrays.js:117:5:117:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | +| arrays.js:117:10:117:16 | [VarRef] element | semmle.label | [VarRef] element | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | semmle.label | [BlockStmt] { // T ... OK } | +| arrays.js:121:5:121:28 | [DeclStmt] const list = ... | semmle.label | [DeclStmt] const list = ... | +| arrays.js:121:11:121:14 | [VarDecl] list | semmle.label | [VarDecl] list | +| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | +| arrays.js:121:18:121:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | +| arrays.js:121:19:121:26 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:122:5:122:52 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... 
| +| arrays.js:122:11:122:17 | [VarDecl] element | semmle.label | [VarDecl] element | +| arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | +| arrays.js:122:21:122:24 | [VarRef] list | semmle.label | [VarRef] list | +| arrays.js:122:21:122:29 | [DotExpr] list.find | semmle.label | [DotExpr] list.find | +| arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... (item)) | +| arrays.js:122:26:122:29 | [Label] find | semmle.label | [Label] find | +| arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:122:32:122:35 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:122:41:122:44 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:122:41:122:50 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:122:46:122:49 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:123:5:123:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:123:5:123:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | +| arrays.js:123:5:123:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | +| arrays.js:123:10:123:16 | [VarRef] element | semmle.label | [VarRef] element | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | semmle.label | [BlockStmt] { // T ... OK } | +| arrays.js:127:5:127:28 | [DeclStmt] const list = ... | semmle.label | [DeclStmt] const list = ... 
| +| arrays.js:127:11:127:14 | [VarDecl] list | semmle.label | [VarDecl] list | +| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | semmle.label | [VariableDeclarator] list = ["source"] | +| arrays.js:127:18:127:27 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] | +| arrays.js:127:19:127:26 | [Literal] "source" | semmle.label | [Literal] "source" | +| arrays.js:128:5:128:61 | [DeclStmt] const element = ... | semmle.label | [DeclStmt] const element = ... | +| arrays.js:128:11:128:17 | [VarDecl] element | semmle.label | [VarDecl] element | +| arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | +| arrays.js:128:21:128:24 | [VarRef] list | semmle.label | [VarRef] list | +| arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | semmle.label | [DotExpr] list.findLastIndex | +| arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | semmle.label | [MethodCallExpr] list.fi ... (item)) | +| arrays.js:128:26:128:38 | [Label] findLastIndex | semmle.label | [Label] findLastIndex | +| arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:128:41:128:44 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:128:50:128:53 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:128:50:128:59 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:128:55:128:58 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:129:5:129:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:129:5:129:17 | [CallExpr] sink(element) | semmle.label | [CallExpr] sink(element) | +| arrays.js:129:5:129:18 | [ExprStmt] sink(element); | semmle.label | [ExprStmt] sink(element); | +| arrays.js:129:10:129:16 | [VarRef] element | semmle.label | [VarRef] element | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... 
OK } | semmle.label | [BlockStmt] { c ... OK } | +| arrays.js:132:5:132:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... | +| arrays.js:132:11:132:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | +| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | +| arrays.js:132:17:132:22 | [VarRef] source | semmle.label | [VarRef] source | +| arrays.js:132:17:132:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | +| arrays.js:133:5:133:52 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... | +| arrays.js:133:11:133:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | +| arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | +| arrays.js:133:22:133:24 | [VarRef] arr | semmle.label | [VarRef] arr | +| arrays.js:133:22:133:29 | [DotExpr] arr.find | semmle.label | [DotExpr] arr.find | +| arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... 
(item)) | +| arrays.js:133:26:133:29 | [Label] find | semmle.label | [Label] find | +| arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:133:32:133:35 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:133:41:133:44 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:133:41:133:50 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:133:46:133:49 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:134:5:134:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:134:5:134:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | +| arrays.js:134:5:134:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | +| arrays.js:134:10:134:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | semmle.label | [BlockStmt] { c ... OK } | +| arrays.js:138:5:138:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... | +| arrays.js:138:11:138:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | +| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | +| arrays.js:138:17:138:22 | [VarRef] source | semmle.label | [VarRef] source | +| arrays.js:138:17:138:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | +| arrays.js:139:5:139:56 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... | +| arrays.js:139:11:139:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | +| arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... 
(item)) | +| arrays.js:139:22:139:24 | [VarRef] arr | semmle.label | [VarRef] arr | +| arrays.js:139:22:139:33 | [DotExpr] arr.findLast | semmle.label | [DotExpr] arr.findLast | +| arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... (item)) | +| arrays.js:139:26:139:33 | [Label] findLast | semmle.label | [Label] findLast | +| arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:139:36:139:39 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:139:45:139:48 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:139:45:139:54 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:139:50:139:53 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:140:5:140:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:140:5:140:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | +| arrays.js:140:5:140:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | +| arrays.js:140:10:140:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | semmle.label | [BlockStmt] { c ... OK } | +| arrays.js:144:5:144:25 | [DeclStmt] const arr = ... | semmle.label | [DeclStmt] const arr = ... | +| arrays.js:144:11:144:13 | [VarDecl] arr | semmle.label | [VarDecl] arr | +| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | semmle.label | [VariableDeclarator] arr = source() | +| arrays.js:144:17:144:22 | [VarRef] source | semmle.label | [VarRef] source | +| arrays.js:144:17:144:24 | [CallExpr] source() | semmle.label | [CallExpr] source() | +| arrays.js:145:5:145:61 | [DeclStmt] const element1 = ... | semmle.label | [DeclStmt] const element1 = ... 
| +| arrays.js:145:11:145:18 | [VarDecl] element1 | semmle.label | [VarDecl] element1 | +| arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | semmle.label | [VariableDeclarator] element ... (item)) | +| arrays.js:145:22:145:24 | [VarRef] arr | semmle.label | [VarRef] arr | +| arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | semmle.label | [DotExpr] arr.findLastIndex | +| arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | [MethodCallExpr] arr.fin ... (item)) | +| arrays.js:145:26:145:38 | [Label] findLastIndex | semmle.label | [Label] findLastIndex | +| arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | [ArrowFunctionExpr] (item) => sink(item) | +| arrays.js:145:41:145:44 | [SimpleParameter] item | semmle.label | [SimpleParameter] item | +| arrays.js:145:50:145:53 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:145:50:145:59 | [CallExpr] sink(item) | semmle.label | [CallExpr] sink(item) | +| arrays.js:145:55:145:58 | [VarRef] item | semmle.label | [VarRef] item | +| arrays.js:146:5:146:8 | [VarRef] sink | semmle.label | [VarRef] sink | +| arrays.js:146:5:146:18 | [CallExpr] sink(element1) | semmle.label | [CallExpr] sink(element1) | +| arrays.js:146:5:146:19 | [ExprStmt] sink(element1); | semmle.label | [ExprStmt] sink(element1); | +| arrays.js:146:10:146:17 | [VarRef] element1 | semmle.label | [VarRef] element1 | +| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | | file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) | 
@@ -718,142 +730,144 @@ nodes | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) | | file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) | edges -| arrays.js:1:1:147:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:147:1 | [FunctionExpr] functio ... K } } | semmle.label | 1 | -| arrays.js:1:1:147:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:147:1 | [FunctionExpr] functio ... K } } | semmle.order | 1 | -| arrays.js:1:1:147:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:147:2 | [ParExpr] (functi ... } }) | semmle.label | 1 | -| arrays.js:1:1:147:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:147:2 | [ParExpr] (functi ... } }) | semmle.order | 1 | -| arrays.js:1:2:147:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | semmle.label | 5 | -| arrays.js:1:2:147:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | semmle.order | 5 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.order | 4 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.label | 18 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.order | 18 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.label | 19 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.order | 19 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.label | 20 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.order | 20 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 21 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 21 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.label | 22 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.order | 22 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.label | 23 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.order | 23 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 24 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 24 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.label | 25 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.order | 25 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 26 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 26 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 27 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 27 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.label | 28 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.order | 28 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.label | 29 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.order | 29 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 30 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 30 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 31 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 31 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.label | 32 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.order | 32 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.label | 33 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.order | 33 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.label | 34 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.order | 34 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... 
OK } | semmle.label | 35 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.order | 35 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.label | 36 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.order | 36 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 37 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 37 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.label | 38 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.order | 38 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.label | 39 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.order | 39 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.label | 40 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.order | 40 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.label | 41 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.order | 41 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.label | 42 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... 
| semmle.order | 42 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.label | 43 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.order | 43 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.label | 44 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.order | 44 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.label | 45 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.order | 45 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.label | 46 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.order | 46 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.label | 47 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.order | 47 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.label | 48 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.order | 48 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:98:3:98:16 | [DeclStmt] var arr8 = ... | semmle.label | 49 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:98:3:98:16 | [DeclStmt] var arr8 = ... | semmle.order | 49 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:99:3:99:40 | [ExprStmt] arr8 = ... 
urce"); | semmle.label | 50 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:99:3:99:40 | [ExprStmt] arr8 = ... urce"); | semmle.order | 50 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:100:3:100:19 | [ExprStmt] sink(arr8.pop()); | semmle.label | 51 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:100:3:100:19 | [ExprStmt] sink(arr8.pop()); | semmle.order | 51 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:102:3:102:24 | [DeclStmt] var arr8_variant = ... | semmle.label | 52 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:102:3:102:24 | [DeclStmt] var arr8_variant = ... | semmle.order | 52 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:103:3:103:64 | [ExprStmt] arr8_va ... urce"); | semmle.label | 53 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:103:3:103:64 | [ExprStmt] arr8_va ... urce"); | semmle.order | 53 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:104:3:104:21 | [ExprStmt] arr8_variant.pop(); | semmle.label | 54 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:104:3:104:21 | [ExprStmt] arr8_variant.pop(); | semmle.order | 54 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:105:3:105:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 55 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:105:3:105:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 55 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:107:3:107:23 | [DeclStmt] var arr8_spread = ... | semmle.label | 56 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:107:3:107:23 | [DeclStmt] var arr8_spread = ... | semmle.order | 56 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:108:3:108:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.label | 57 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:108:3:108:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.order | 57 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:109:3:109:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 58 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:109:3:109:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 58 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:111:3:111:35 | [ExprStmt] sink(ar ... back)); | semmle.label | 59 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:111:3:111:35 | [ExprStmt] sink(ar ... back)); | semmle.order | 59 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | semmle.label | 60 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | semmle.order | 60 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | semmle.label | 61 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | semmle.order | 61 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | semmle.label | 62 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | semmle.order | 62 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | semmle.label | 63 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | semmle.order | 63 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | semmle.label | 64 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | semmle.order | 64 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... 
K } } | arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | semmle.label | 65 | -| arrays.js:1:14:147:1 | [BlockStmt] { let ... K } } | arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | semmle.order | 65 | +| arrays.js:1:1:148:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:148:1 | [FunctionExpr] functio ... K } } | semmle.label | 1 | +| arrays.js:1:1:148:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:148:1 | [FunctionExpr] functio ... K } } | semmle.order | 1 | +| arrays.js:1:1:148:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:148:2 | [ParExpr] (functi ... } }) | semmle.label | 1 | +| arrays.js:1:1:148:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:148:2 | [ParExpr] (functi ... } }) | semmle.order | 1 | +| arrays.js:1:2:148:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | semmle.label | 5 | +| arrays.js:1:2:148:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | semmle.order | 5 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... 
| semmle.order | 4 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... 
K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.label | 18 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.order | 18 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.label | 19 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... 
K } } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.order | 19 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.label | 20 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.order | 20 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 21 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 21 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.label | 22 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.order | 22 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.label | 23 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.order | 23 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 24 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 24 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.label | 25 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.order | 25 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 26 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 26 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... 
K } } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 27 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 27 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.label | 28 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.order | 28 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.label | 29 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.order | 29 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 30 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 30 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 31 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 31 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.label | 32 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.order | 32 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.label | 33 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.order | 33 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.label | 34 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... 
OK } | semmle.order | 34 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.label | 35 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.order | 35 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.label | 36 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.order | 36 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 37 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 37 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.label | 38 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.order | 38 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.label | 39 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.order | 39 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.label | 40 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.order | 40 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.label | 41 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.order | 41 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... 
| semmle.label | 42 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.order | 42 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.label | 43 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.order | 43 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.label | 44 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.order | 44 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.label | 45 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.order | 45 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.label | 46 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.order | 46 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.label | 47 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.order | 47 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.label | 48 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.order | 48 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | semmle.label | 49 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:97:3:97:44 | [ExprStmt] sink([" ... 
pop()); | semmle.order | 49 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:99:3:99:16 | [DeclStmt] var arr8 = ... | semmle.label | 50 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:99:3:99:16 | [DeclStmt] var arr8 = ... | semmle.order | 50 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:100:3:100:40 | [ExprStmt] arr8 = ... urce"); | semmle.label | 51 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:100:3:100:40 | [ExprStmt] arr8 = ... urce"); | semmle.order | 51 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:101:3:101:19 | [ExprStmt] sink(arr8.pop()); | semmle.label | 52 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:101:3:101:19 | [ExprStmt] sink(arr8.pop()); | semmle.order | 52 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:103:3:103:24 | [DeclStmt] var arr8_variant = ... | semmle.label | 53 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:103:3:103:24 | [DeclStmt] var arr8_variant = ... | semmle.order | 53 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:104:3:104:64 | [ExprStmt] arr8_va ... urce"); | semmle.label | 54 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:104:3:104:64 | [ExprStmt] arr8_va ... urce"); | semmle.order | 54 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:105:3:105:21 | [ExprStmt] arr8_variant.pop(); | semmle.label | 55 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:105:3:105:21 | [ExprStmt] arr8_variant.pop(); | semmle.order | 55 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:106:3:106:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 56 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:106:3:106:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 56 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... 
K } } | arrays.js:108:3:108:23 | [DeclStmt] var arr8_spread = ... | semmle.label | 57 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:108:3:108:23 | [DeclStmt] var arr8_spread = ... | semmle.order | 57 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:109:3:109:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.label | 58 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:109:3:109:52 | [ExprStmt] arr8_sp ... ..arr); | semmle.order | 58 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:110:3:110:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 59 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:110:3:110:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 59 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:112:3:112:35 | [ExprStmt] sink(ar ... back)); | semmle.label | 60 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:112:3:112:35 | [ExprStmt] sink(ar ... back)); | semmle.order | 60 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | semmle.label | 61 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | semmle.order | 61 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | semmle.label | 62 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | semmle.order | 62 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | semmle.label | 63 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | semmle.order | 63 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | semmle.label | 64 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... 
K } } | arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | semmle.order | 64 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | semmle.label | 65 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | semmle.order | 65 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | semmle.label | 66 | +| arrays.js:1:14:148:1 | [BlockStmt] { let ... K } } | arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | semmle.order | 66 | | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | 1 | | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.order | 1 | | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | 1 | 
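Review bot: The rows added at the end of this hunk (children 50 to 66 of the `arrays.js:1:14:148:1` block) put `var arr8 = ...` at line 99, `var arr8_variant = ...` at line 103 and `var arr8_spread = ...` at line 108, while the following hunk removes the same declarations at lines 98, 102 and 107. Every later statement in `arrays.js` has therefore moved down by one line, so most of this expected-output diff is renumbering of unchanged nodes. Consider appending the new test case at the end of `arrays.js` instead, so the regenerated file only gains rows and a reviewer can confirm that no existing AST node changed.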
@@ -1520,422 +1534,442 @@ edges | arrays.js:93:8:93:17 | [MethodCallExpr] arr.at(-1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | | arrays.js:93:15:93:16 | [UnaryExpr] -1 | arrays.js:93:16:93:16 | [Literal] 1 | semmle.label | 1 | | arrays.js:93:15:93:16 | [UnaryExpr] -1 | arrays.js:93:16:93:16 | [Literal] 1 | semmle.order | 1 | -| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | semmle.label | 1 | -| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | arrays.js:95:3:95:35 | [CallExpr] sink([" ... 
=> x)) | semmle.order | 1 | +| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.label | 1 | +| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.order | 1 | | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | arrays.js:95:9:95:16 | [Literal] "source" | semmle.label | 1 | | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | arrays.js:95:9:95:16 | [Literal] "source" | semmle.order | 1 | -| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | 1 | -| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.order | 1 | -| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:19:95:24 | [Label] filter | semmle.label | 2 | -| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:19:95:24 | [Label] filter | semmle.order | 2 | -| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.label | 0 | -| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.order | 0 | -| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... 
) => x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | arrays.js:95:33:95:33 | [VarRef] x | semmle.label | 5 | -| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | arrays.js:95:33:95:33 | [VarRef] x | semmle.order | 5 | -| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.label | 1 | -| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.order | 1 | +| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | semmle.label | 1 | +| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | arrays.js:96:3:96:41 | [CallExpr] sink([" ... 
.pop()) | semmle.order | 1 | | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | arrays.js:96:9:96:16 | [Literal] "source" | semmle.label | 1 | | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | arrays.js:96:9:96:16 | [Literal] "source" | semmle.order | 1 | | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.label | 1 | | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.order | 1 | | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:19:96:24 | [Label] filter | semmle.label | 2 | | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:19:96:24 | [Label] filter | semmle.order | 2 | -| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | 0 | -| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.order | 0 | -| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... 
=> !!x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.label | 5 | -| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.order | 5 | -| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:96:33:96:35 | [UnaryExpr] !!x | arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.label | 1 | -| arrays.js:96:33:96:35 | [UnaryExpr] !!x | arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.order | 1 | -| arrays.js:96:34:96:35 | [UnaryExpr] !x | arrays.js:96:35:96:35 | [VarRef] x | semmle.label | 1 | -| arrays.js:96:34:96:35 | [UnaryExpr] !x | arrays.js:96:35:96:35 | [VarRef] x | semmle.order | 1 | -| arrays.js:98:3:98:16 | [DeclStmt] var arr8 = ... | arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | semmle.label | 1 | -| arrays.js:98:3:98:16 | [DeclStmt] var arr8 = ... | arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | semmle.order | 1 | -| arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | arrays.js:98:7:98:10 | [VarDecl] arr8 | semmle.label | 1 | -| arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | arrays.js:98:7:98:10 | [VarDecl] arr8 | semmle.order | 1 | -| arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | arrays.js:98:14:98:15 | [ArrayExpr] [] | semmle.label | 2 | -| arrays.js:98:7:98:15 | [VariableDeclarator] arr8 = [] | arrays.js:98:14:98:15 | [ArrayExpr] [] | semmle.order | 2 | -| arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | arrays.js:99:3:99:6 | [VarRef] arr8 | semmle.label | 1 | -| arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | arrays.js:99:3:99:6 | [VarRef] arr8 | semmle.order | 1 | -| arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... 
ource") | arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | semmle.label | 2 | -| arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | semmle.order | 2 | -| arrays.js:99:3:99:40 | [ExprStmt] arr8 = ... urce"); | arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | semmle.label | 1 | -| arrays.js:99:3:99:40 | [ExprStmt] arr8 = ... urce"); | arrays.js:99:3:99:39 | [AssignExpr] arr8 = ... ource") | semmle.order | 1 | -| arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | arrays.js:99:10:99:13 | [VarRef] arr8 | semmle.label | 1 | -| arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | arrays.js:99:10:99:13 | [VarRef] arr8 | semmle.order | 1 | -| arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | arrays.js:99:15:99:23 | [Label] toSpliced | semmle.label | 2 | -| arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | arrays.js:99:15:99:23 | [Label] toSpliced | semmle.order | 2 | -| arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | semmle.label | 0 | -| arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | arrays.js:99:10:99:23 | [DotExpr] arr8.toSpliced | semmle.order | 0 | -| arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... ource") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:99:10:99:39 | [MethodCallExpr] arr8.to ... 
ource") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | arrays.js:100:3:100:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | arrays.js:100:3:100:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:100:3:100:19 | [ExprStmt] sink(arr8.pop()); | arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | semmle.label | 1 | -| arrays.js:100:3:100:19 | [ExprStmt] sink(arr8.pop()); | arrays.js:100:3:100:18 | [CallExpr] sink(arr8.pop()) | semmle.order | 1 | -| arrays.js:100:8:100:15 | [DotExpr] arr8.pop | arrays.js:100:8:100:11 | [VarRef] arr8 | semmle.label | 1 | -| arrays.js:100:8:100:15 | [DotExpr] arr8.pop | arrays.js:100:8:100:11 | [VarRef] arr8 | semmle.order | 1 | -| arrays.js:100:8:100:15 | [DotExpr] arr8.pop | arrays.js:100:13:100:15 | [Label] pop | semmle.label | 2 | -| arrays.js:100:8:100:15 | [DotExpr] arr8.pop | arrays.js:100:13:100:15 | [Label] pop | semmle.order | 2 | -| arrays.js:100:8:100:17 | [MethodCallExpr] arr8.pop() | arrays.js:100:8:100:15 | [DotExpr] arr8.pop | semmle.label | 0 | -| arrays.js:100:8:100:17 | [MethodCallExpr] arr8.pop() | arrays.js:100:8:100:15 | [DotExpr] arr8.pop | semmle.order | 0 | -| arrays.js:102:3:102:24 | [DeclStmt] var arr8_variant = ... | arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | semmle.label | 1 | -| arrays.js:102:3:102:24 | [DeclStmt] var arr8_variant = ... 
| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | semmle.order | 1 | -| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:102:7:102:18 | [VarDecl] arr8_variant | semmle.label | 1 | -| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:102:7:102:18 | [VarDecl] arr8_variant | semmle.order | 1 | -| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:102:22:102:23 | [ArrayExpr] [] | semmle.label | 2 | -| arrays.js:102:7:102:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:102:22:102:23 | [ArrayExpr] [] | semmle.order | 2 | -| arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | arrays.js:103:3:103:14 | [VarRef] arr8_variant | semmle.label | 1 | -| arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | arrays.js:103:3:103:14 | [VarRef] arr8_variant | semmle.order | 1 | -| arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | semmle.label | 2 | -| arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | semmle.order | 2 | -| arrays.js:103:3:103:64 | [ExprStmt] arr8_va ... urce"); | arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | semmle.label | 1 | -| arrays.js:103:3:103:64 | [ExprStmt] arr8_va ... urce"); | arrays.js:103:3:103:63 | [AssignExpr] arr8_va ... ource") | semmle.order | 1 | -| arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | arrays.js:103:18:103:29 | [VarRef] arr8_variant | semmle.label | 1 | -| arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | arrays.js:103:18:103:29 | [VarRef] arr8_variant | semmle.order | 1 | -| arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | arrays.js:103:31:103:39 | [Label] toSpliced | semmle.label | 2 | -| arrays.js:103:18:103:39 | [DotExpr] arr8_va ... 
Spliced | arrays.js:103:31:103:39 | [Label] toSpliced | semmle.order | 2 | -| arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | semmle.label | 0 | -| arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | arrays.js:103:18:103:39 | [DotExpr] arr8_va ... Spliced | semmle.order | 0 | -| arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:103:18:103:63 | [MethodCallExpr] arr8_va ... ource") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | arrays.js:104:3:104:14 | [VarRef] arr8_variant | semmle.label | 1 | -| arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | arrays.js:104:3:104:14 | [VarRef] arr8_variant | semmle.order | 1 | -| arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | arrays.js:104:16:104:18 | [Label] pop | semmle.label | 2 | -| arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | arrays.js:104:16:104:18 | [Label] pop | semmle.order | 2 | -| arrays.js:104:3:104:20 | [MethodCallExpr] arr8_variant.pop() | arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | semmle.label | 0 | -| arrays.js:104:3:104:20 | [MethodCallExpr] arr8_variant.pop() | arrays.js:104:3:104:18 | [DotExpr] arr8_variant.pop | semmle.order | 0 | -| arrays.js:104:3:104:21 | [ExprStmt] arr8_variant.pop(); | arrays.js:104:3:104:20 | [MethodCallExpr] arr8_variant.pop() | semmle.label | 1 | -| arrays.js:104:3:104:21 | [ExprStmt] arr8_variant.pop(); | arrays.js:104:3:104:20 | [MethodCallExpr] arr8_variant.pop() | semmle.order | 1 | -| arrays.js:105:3:105:26 | [CallExpr] sink(ar ... .pop()) | arrays.js:105:3:105:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:105:3:105:26 | [CallExpr] sink(ar ... .pop()) | arrays.js:105:3:105:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:105:3:105:26 | [CallExpr] sink(ar ... 
.pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:105:3:105:26 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:105:3:105:27 | [ExprStmt] sink(ar ... pop()); | arrays.js:105:3:105:26 | [CallExpr] sink(ar ... .pop()) | semmle.label | 1 | -| arrays.js:105:3:105:27 | [ExprStmt] sink(ar ... pop()); | arrays.js:105:3:105:26 | [CallExpr] sink(ar ... .pop()) | semmle.order | 1 | -| arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | arrays.js:105:8:105:19 | [VarRef] arr8_variant | semmle.label | 1 | -| arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | arrays.js:105:8:105:19 | [VarRef] arr8_variant | semmle.order | 1 | -| arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | arrays.js:105:21:105:23 | [Label] pop | semmle.label | 2 | -| arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | arrays.js:105:21:105:23 | [Label] pop | semmle.order | 2 | -| arrays.js:105:8:105:25 | [MethodCallExpr] arr8_variant.pop() | arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | semmle.label | 0 | -| arrays.js:105:8:105:25 | [MethodCallExpr] arr8_variant.pop() | arrays.js:105:8:105:23 | [DotExpr] arr8_variant.pop | semmle.order | 0 | -| arrays.js:107:3:107:23 | [DeclStmt] var arr8_spread = ... | arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | semmle.label | 1 | -| arrays.js:107:3:107:23 | [DeclStmt] var arr8_spread = ... 
| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | semmle.order | 1 | -| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:107:7:107:17 | [VarDecl] arr8_spread | semmle.label | 1 | -| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:107:7:107:17 | [VarDecl] arr8_spread | semmle.order | 1 | -| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:107:21:107:22 | [ArrayExpr] [] | semmle.label | 2 | -| arrays.js:107:7:107:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:107:21:107:22 | [ArrayExpr] [] | semmle.order | 2 | -| arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:108:3:108:13 | [VarRef] arr8_spread | semmle.label | 1 | -| arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:108:3:108:13 | [VarRef] arr8_spread | semmle.order | 1 | -| arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.label | 2 | -| arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.order | 2 | -| arrays.js:108:3:108:52 | [ExprStmt] arr8_sp ... ..arr); | arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.label | 1 | -| arrays.js:108:3:108:52 | [ExprStmt] arr8_sp ... ..arr); | arrays.js:108:3:108:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.order | 1 | -| arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:108:17:108:27 | [VarRef] arr8_spread | semmle.label | 1 | -| arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:108:17:108:27 | [VarRef] arr8_spread | semmle.order | 1 | -| arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:108:29:108:37 | [Label] toSpliced | semmle.label | 2 | -| arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... 
Spliced | arrays.js:108:29:108:37 | [Label] toSpliced | semmle.order | 2 | -| arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | semmle.label | 0 | -| arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | arrays.js:108:17:108:37 | [DotExpr] arr8_sp ... Spliced | semmle.order | 0 | -| arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:108:17:108:51 | [MethodCallExpr] arr8_sp ... ...arr) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:108:45:108:50 | [SpreadElement] ...arr | arrays.js:108:48:108:50 | [VarRef] arr | semmle.label | 1 | -| arrays.js:108:45:108:50 | [SpreadElement] ...arr | arrays.js:108:48:108:50 | [VarRef] arr | semmle.order | 1 | -| arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | arrays.js:109:3:109:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | arrays.js:109:3:109:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:109:3:109:26 | [ExprStmt] sink(ar ... pop()); | arrays.js:109:3:109:25 | [CallExpr] sink(ar ... .pop()) | semmle.label | 1 | -| arrays.js:109:3:109:26 | [ExprStmt] sink(ar ... pop()); | arrays.js:109:3:109:25 | [CallExpr] sink(ar ... 
.pop()) | semmle.order | 1 | -| arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | arrays.js:109:8:109:18 | [VarRef] arr8_spread | semmle.label | 1 | -| arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | arrays.js:109:8:109:18 | [VarRef] arr8_spread | semmle.order | 1 | -| arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | arrays.js:109:20:109:22 | [Label] pop | semmle.label | 2 | -| arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | arrays.js:109:20:109:22 | [Label] pop | semmle.order | 2 | -| arrays.js:109:8:109:24 | [MethodCallExpr] arr8_spread.pop() | arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | semmle.label | 0 | -| arrays.js:109:8:109:24 | [MethodCallExpr] arr8_spread.pop() | arrays.js:109:8:109:22 | [DotExpr] arr8_spread.pop | semmle.order | 0 | -| arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | arrays.js:111:3:111:6 | [VarRef] sink | semmle.label | 0 | -| arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | arrays.js:111:3:111:6 | [VarRef] sink | semmle.order | 0 | -| arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:111:3:111:35 | [ExprStmt] sink(ar ... back)); | arrays.js:111:3:111:34 | [CallExpr] sink(ar ... lback)) | semmle.label | 1 | -| arrays.js:111:3:111:35 | [ExprStmt] sink(ar ... back)); | arrays.js:111:3:111:34 | [CallExpr] sink(ar ... 
lback)) | semmle.order | 1 | -| arrays.js:111:8:111:19 | [DotExpr] arr.findLast | arrays.js:111:8:111:10 | [VarRef] arr | semmle.label | 1 | -| arrays.js:111:8:111:19 | [DotExpr] arr.findLast | arrays.js:111:8:111:10 | [VarRef] arr | semmle.order | 1 | -| arrays.js:111:8:111:19 | [DotExpr] arr.findLast | arrays.js:111:12:111:19 | [Label] findLast | semmle.label | 2 | -| arrays.js:111:8:111:19 | [DotExpr] arr.findLast | arrays.js:111:12:111:19 | [Label] findLast | semmle.order | 2 | -| arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | arrays.js:111:8:111:19 | [DotExpr] arr.findLast | semmle.label | 0 | -| arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | arrays.js:111:8:111:19 | [DotExpr] arr.findLast | semmle.order | 0 | -| arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:114:5:114:28 | [DeclStmt] const list = ... | semmle.label | 1 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:114:5:114:28 | [DeclStmt] const list = ... | semmle.order | 1 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:115:5:115:56 | [DeclStmt] const element = ... | semmle.label | 2 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:115:5:115:56 | [DeclStmt] const element = ... | semmle.order | 2 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:116:5:116:18 | [ExprStmt] sink(element); | semmle.label | 3 | -| arrays.js:113:3:117:3 | [BlockStmt] { // T ... OK } | arrays.js:116:5:116:18 | [ExprStmt] sink(element); | semmle.order | 3 | -| arrays.js:114:5:114:28 | [DeclStmt] const list = ... | arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | -| arrays.js:114:5:114:28 | [DeclStmt] const list = ... 
| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | -| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | arrays.js:114:11:114:14 | [VarDecl] list | semmle.label | 1 | -| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | arrays.js:114:11:114:14 | [VarDecl] list | semmle.order | 1 | -| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | arrays.js:114:18:114:27 | [ArrayExpr] ["source"] | semmle.label | 2 | -| arrays.js:114:11:114:27 | [VariableDeclarator] list = ["source"] | arrays.js:114:18:114:27 | [ArrayExpr] ["source"] | semmle.order | 2 | -| arrays.js:114:18:114:27 | [ArrayExpr] ["source"] | arrays.js:114:19:114:26 | [Literal] "source" | semmle.label | 1 | -| arrays.js:114:18:114:27 | [ArrayExpr] ["source"] | arrays.js:114:19:114:26 | [Literal] "source" | semmle.order | 1 | -| arrays.js:115:5:115:56 | [DeclStmt] const element = ... | arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:115:5:115:56 | [DeclStmt] const element = ... | arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | arrays.js:115:11:115:17 | [VarDecl] element | semmle.label | 1 | -| arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | arrays.js:115:11:115:17 | [VarDecl] element | semmle.order | 1 | -| arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | -| arrays.js:115:11:115:55 | [VariableDeclarator] element ... (item)) | arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | -| arrays.js:115:21:115:33 | [DotExpr] list.findLast | arrays.js:115:21:115:24 | [VarRef] list | semmle.label | 1 | -| arrays.js:115:21:115:33 | [DotExpr] list.findLast | arrays.js:115:21:115:24 | [VarRef] list | semmle.order | 1 | -| arrays.js:115:21:115:33 | [DotExpr] list.findLast | arrays.js:115:26:115:33 | [Label] findLast | semmle.label | 2 | -| arrays.js:115:21:115:33 | [DotExpr] list.findLast | arrays.js:115:26:115:33 | [Label] findLast | semmle.order | 2 | -| arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | arrays.js:115:21:115:33 | [DotExpr] list.findLast | semmle.label | 0 | -| arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | arrays.js:115:21:115:33 | [DotExpr] list.findLast | semmle.order | 0 | -| arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:115:21:115:55 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:115:45:115:54 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:115:45:115:54 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:115:45:115:54 | [CallExpr] sink(item) | arrays.js:115:45:115:48 | [VarRef] sink | semmle.label | 0 | -| arrays.js:115:45:115:54 | [CallExpr] sink(item) | arrays.js:115:45:115:48 | [VarRef] sink | semmle.order | 0 | -| arrays.js:115:45:115:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:115:45:115:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| 
arrays.js:116:5:116:17 | [CallExpr] sink(element) | arrays.js:116:5:116:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:116:5:116:17 | [CallExpr] sink(element) | arrays.js:116:5:116:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:116:5:116:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:116:5:116:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:116:5:116:18 | [ExprStmt] sink(element); | arrays.js:116:5:116:17 | [CallExpr] sink(element) | semmle.label | 1 | -| arrays.js:116:5:116:18 | [ExprStmt] sink(element); | arrays.js:116:5:116:17 | [CallExpr] sink(element) | semmle.order | 1 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:120:5:120:28 | [DeclStmt] const list = ... | semmle.label | 1 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:120:5:120:28 | [DeclStmt] const list = ... | semmle.order | 1 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:121:5:121:52 | [DeclStmt] const element = ... | semmle.label | 2 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:121:5:121:52 | [DeclStmt] const element = ... | semmle.order | 2 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:122:5:122:18 | [ExprStmt] sink(element); | semmle.label | 3 | -| arrays.js:119:3:123:3 | [BlockStmt] { // T ... OK } | arrays.js:122:5:122:18 | [ExprStmt] sink(element); | semmle.order | 3 | -| arrays.js:120:5:120:28 | [DeclStmt] const list = ... | arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | -| arrays.js:120:5:120:28 | [DeclStmt] const list = ... 
| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | -| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | arrays.js:120:11:120:14 | [VarDecl] list | semmle.label | 1 | -| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | arrays.js:120:11:120:14 | [VarDecl] list | semmle.order | 1 | -| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | arrays.js:120:18:120:27 | [ArrayExpr] ["source"] | semmle.label | 2 | -| arrays.js:120:11:120:27 | [VariableDeclarator] list = ["source"] | arrays.js:120:18:120:27 | [ArrayExpr] ["source"] | semmle.order | 2 | -| arrays.js:120:18:120:27 | [ArrayExpr] ["source"] | arrays.js:120:19:120:26 | [Literal] "source" | semmle.label | 1 | -| arrays.js:120:18:120:27 | [ArrayExpr] ["source"] | arrays.js:120:19:120:26 | [Literal] "source" | semmle.order | 1 | -| arrays.js:121:5:121:52 | [DeclStmt] const element = ... | arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:121:5:121:52 | [DeclStmt] const element = ... | arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | arrays.js:121:11:121:17 | [VarDecl] element | semmle.label | 1 | -| arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | arrays.js:121:11:121:17 | [VarDecl] element | semmle.order | 1 | -| arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | -| arrays.js:121:11:121:51 | [VariableDeclarator] element ... (item)) | arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | -| arrays.js:121:21:121:29 | [DotExpr] list.find | arrays.js:121:21:121:24 | [VarRef] list | semmle.label | 1 | -| arrays.js:121:21:121:29 | [DotExpr] list.find | arrays.js:121:21:121:24 | [VarRef] list | semmle.order | 1 | -| arrays.js:121:21:121:29 | [DotExpr] list.find | arrays.js:121:26:121:29 | [Label] find | semmle.label | 2 | -| arrays.js:121:21:121:29 | [DotExpr] list.find | arrays.js:121:26:121:29 | [Label] find | semmle.order | 2 | -| arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | arrays.js:121:21:121:29 | [DotExpr] list.find | semmle.label | 0 | -| arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | arrays.js:121:21:121:29 | [DotExpr] list.find | semmle.order | 0 | -| arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:121:21:121:51 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:121:41:121:50 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:121:41:121:50 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:121:41:121:50 | [CallExpr] sink(item) | arrays.js:121:41:121:44 | [VarRef] sink | semmle.label | 0 | -| arrays.js:121:41:121:50 | [CallExpr] sink(item) | arrays.js:121:41:121:44 | [VarRef] sink | semmle.order | 0 | -| arrays.js:121:41:121:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:121:41:121:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:122:5:122:17 | [CallExpr] 
sink(element) | arrays.js:122:5:122:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:122:5:122:17 | [CallExpr] sink(element) | arrays.js:122:5:122:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:122:5:122:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:122:5:122:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:122:5:122:18 | [ExprStmt] sink(element); | arrays.js:122:5:122:17 | [CallExpr] sink(element) | semmle.label | 1 | -| arrays.js:122:5:122:18 | [ExprStmt] sink(element); | arrays.js:122:5:122:17 | [CallExpr] sink(element) | semmle.order | 1 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:126:5:126:28 | [DeclStmt] const list = ... | semmle.label | 1 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:126:5:126:28 | [DeclStmt] const list = ... | semmle.order | 1 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:127:5:127:61 | [DeclStmt] const element = ... | semmle.label | 2 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:127:5:127:61 | [DeclStmt] const element = ... | semmle.order | 2 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:128:5:128:18 | [ExprStmt] sink(element); | semmle.label | 3 | -| arrays.js:125:3:129:3 | [BlockStmt] { // T ... OK } | arrays.js:128:5:128:18 | [ExprStmt] sink(element); | semmle.order | 3 | -| arrays.js:126:5:126:28 | [DeclStmt] const list = ... | arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | -| arrays.js:126:5:126:28 | [DeclStmt] const list = ... 
| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | -| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | arrays.js:126:11:126:14 | [VarDecl] list | semmle.label | 1 | -| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | arrays.js:126:11:126:14 | [VarDecl] list | semmle.order | 1 | -| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | arrays.js:126:18:126:27 | [ArrayExpr] ["source"] | semmle.label | 2 | -| arrays.js:126:11:126:27 | [VariableDeclarator] list = ["source"] | arrays.js:126:18:126:27 | [ArrayExpr] ["source"] | semmle.order | 2 | -| arrays.js:126:18:126:27 | [ArrayExpr] ["source"] | arrays.js:126:19:126:26 | [Literal] "source" | semmle.label | 1 | -| arrays.js:126:18:126:27 | [ArrayExpr] ["source"] | arrays.js:126:19:126:26 | [Literal] "source" | semmle.order | 1 | -| arrays.js:127:5:127:61 | [DeclStmt] const element = ... | arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:127:5:127:61 | [DeclStmt] const element = ... | arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | arrays.js:127:11:127:17 | [VarDecl] element | semmle.label | 1 | -| arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | arrays.js:127:11:127:17 | [VarDecl] element | semmle.order | 1 | -| arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | -| arrays.js:127:11:127:60 | [VariableDeclarator] element ... (item)) | arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | -| arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | arrays.js:127:21:127:24 | [VarRef] list | semmle.label | 1 | -| arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | arrays.js:127:21:127:24 | [VarRef] list | semmle.order | 1 | -| arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | arrays.js:127:26:127:38 | [Label] findLastIndex | semmle.label | 2 | -| arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | arrays.js:127:26:127:38 | [Label] findLastIndex | semmle.order | 2 | -| arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | semmle.label | 0 | -| arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | arrays.js:127:21:127:38 | [DotExpr] list.findLastIndex | semmle.order | 0 | -| arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:127:21:127:60 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:127:50:127:59 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:127:50:127:59 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:127:50:127:59 | [CallExpr] sink(item) | arrays.js:127:50:127:53 | [VarRef] sink | semmle.label | 0 | -| arrays.js:127:50:127:59 | [CallExpr] sink(item) | arrays.js:127:50:127:53 | [VarRef] sink | semmle.order | 0 | -| arrays.js:127:50:127:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:127:50:127:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) 
| semmle.order | 1 | -| arrays.js:128:5:128:17 | [CallExpr] sink(element) | arrays.js:128:5:128:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:128:5:128:17 | [CallExpr] sink(element) | arrays.js:128:5:128:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:128:5:128:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:128:5:128:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:128:5:128:18 | [ExprStmt] sink(element); | arrays.js:128:5:128:17 | [CallExpr] sink(element) | semmle.label | 1 | -| arrays.js:128:5:128:18 | [ExprStmt] sink(element); | arrays.js:128:5:128:17 | [CallExpr] sink(element) | semmle.order | 1 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:131:5:131:25 | [DeclStmt] const arr = ... | semmle.label | 1 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:131:5:131:25 | [DeclStmt] const arr = ... | semmle.order | 1 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:132:5:132:52 | [DeclStmt] const element1 = ... | semmle.label | 2 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:132:5:132:52 | [DeclStmt] const element1 = ... | semmle.order | 2 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:133:5:133:19 | [ExprStmt] sink(element1); | semmle.label | 3 | -| arrays.js:130:3:134:3 | [BlockStmt] { c ... OK } | arrays.js:133:5:133:19 | [ExprStmt] sink(element1); | semmle.order | 3 | -| arrays.js:131:5:131:25 | [DeclStmt] const arr = ... | arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | -| arrays.js:131:5:131:25 | [DeclStmt] const arr = ... 
| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | -| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | arrays.js:131:11:131:13 | [VarDecl] arr | semmle.label | 1 | -| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | arrays.js:131:11:131:13 | [VarDecl] arr | semmle.order | 1 | -| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | arrays.js:131:17:131:24 | [CallExpr] source() | semmle.label | 2 | -| arrays.js:131:11:131:24 | [VariableDeclarator] arr = source() | arrays.js:131:17:131:24 | [CallExpr] source() | semmle.order | 2 | -| arrays.js:131:17:131:24 | [CallExpr] source() | arrays.js:131:17:131:22 | [VarRef] source | semmle.label | 0 | -| arrays.js:131:17:131:24 | [CallExpr] source() | arrays.js:131:17:131:22 | [VarRef] source | semmle.order | 0 | -| arrays.js:132:5:132:52 | [DeclStmt] const element1 = ... | arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:132:5:132:52 | [DeclStmt] const element1 = ... | arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | arrays.js:132:11:132:18 | [VarDecl] element1 | semmle.label | 1 | -| arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | arrays.js:132:11:132:18 | [VarDecl] element1 | semmle.order | 1 | -| arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | -| arrays.js:132:11:132:51 | [VariableDeclarator] element ... (item)) | arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | -| arrays.js:132:22:132:29 | [DotExpr] arr.find | arrays.js:132:22:132:24 | [VarRef] arr | semmle.label | 1 | -| arrays.js:132:22:132:29 | [DotExpr] arr.find | arrays.js:132:22:132:24 | [VarRef] arr | semmle.order | 1 | -| arrays.js:132:22:132:29 | [DotExpr] arr.find | arrays.js:132:26:132:29 | [Label] find | semmle.label | 2 | -| arrays.js:132:22:132:29 | [DotExpr] arr.find | arrays.js:132:26:132:29 | [Label] find | semmle.order | 2 | -| arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:132:22:132:29 | [DotExpr] arr.find | semmle.label | 0 | -| arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:132:22:132:29 | [DotExpr] arr.find | semmle.order | 0 | -| arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:132:22:132:51 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:132:41:132:50 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:132:41:132:50 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:132:41:132:50 | [CallExpr] sink(item) | arrays.js:132:41:132:44 | [VarRef] sink | semmle.label | 0 | -| arrays.js:132:41:132:50 | [CallExpr] sink(item) | arrays.js:132:41:132:44 | [VarRef] sink | semmle.order | 0 | -| arrays.js:132:41:132:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:132:41:132:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:133:5:133:18 | [CallExpr] sink(element1) | 
arrays.js:133:5:133:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:133:5:133:18 | [CallExpr] sink(element1) | arrays.js:133:5:133:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:133:5:133:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:133:5:133:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:133:5:133:19 | [ExprStmt] sink(element1); | arrays.js:133:5:133:18 | [CallExpr] sink(element1) | semmle.label | 1 | -| arrays.js:133:5:133:19 | [ExprStmt] sink(element1); | arrays.js:133:5:133:18 | [CallExpr] sink(element1) | semmle.order | 1 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:137:5:137:25 | [DeclStmt] const arr = ... | semmle.label | 1 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:137:5:137:25 | [DeclStmt] const arr = ... | semmle.order | 1 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:138:5:138:56 | [DeclStmt] const element1 = ... | semmle.label | 2 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:138:5:138:56 | [DeclStmt] const element1 = ... | semmle.order | 2 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:139:5:139:19 | [ExprStmt] sink(element1); | semmle.label | 3 | -| arrays.js:136:3:140:3 | [BlockStmt] { c ... OK } | arrays.js:139:5:139:19 | [ExprStmt] sink(element1); | semmle.order | 3 | -| arrays.js:137:5:137:25 | [DeclStmt] const arr = ... | arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | -| arrays.js:137:5:137:25 | [DeclStmt] const arr = ... 
| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | -| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | arrays.js:137:11:137:13 | [VarDecl] arr | semmle.label | 1 | -| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | arrays.js:137:11:137:13 | [VarDecl] arr | semmle.order | 1 | -| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | arrays.js:137:17:137:24 | [CallExpr] source() | semmle.label | 2 | -| arrays.js:137:11:137:24 | [VariableDeclarator] arr = source() | arrays.js:137:17:137:24 | [CallExpr] source() | semmle.order | 2 | -| arrays.js:137:17:137:24 | [CallExpr] source() | arrays.js:137:17:137:22 | [VarRef] source | semmle.label | 0 | -| arrays.js:137:17:137:24 | [CallExpr] source() | arrays.js:137:17:137:22 | [VarRef] source | semmle.order | 0 | -| arrays.js:138:5:138:56 | [DeclStmt] const element1 = ... | arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:138:5:138:56 | [DeclStmt] const element1 = ... | arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | arrays.js:138:11:138:18 | [VarDecl] element1 | semmle.label | 1 | -| arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | arrays.js:138:11:138:18 | [VarDecl] element1 | semmle.order | 1 | -| arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | -| arrays.js:138:11:138:55 | [VariableDeclarator] element ... (item)) | arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | -| arrays.js:138:22:138:33 | [DotExpr] arr.findLast | arrays.js:138:22:138:24 | [VarRef] arr | semmle.label | 1 | -| arrays.js:138:22:138:33 | [DotExpr] arr.findLast | arrays.js:138:22:138:24 | [VarRef] arr | semmle.order | 1 | -| arrays.js:138:22:138:33 | [DotExpr] arr.findLast | arrays.js:138:26:138:33 | [Label] findLast | semmle.label | 2 | -| arrays.js:138:22:138:33 | [DotExpr] arr.findLast | arrays.js:138:26:138:33 | [Label] findLast | semmle.order | 2 | -| arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:138:22:138:33 | [DotExpr] arr.findLast | semmle.label | 0 | -| arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:138:22:138:33 | [DotExpr] arr.findLast | semmle.order | 0 | -| arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:138:22:138:55 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:138:45:138:54 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:138:45:138:54 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:138:45:138:54 | [CallExpr] sink(item) | arrays.js:138:45:138:48 | [VarRef] sink | semmle.label | 0 | -| arrays.js:138:45:138:54 | [CallExpr] sink(item) | arrays.js:138:45:138:48 | [VarRef] sink | semmle.order | 0 | -| arrays.js:138:45:138:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:138:45:138:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:139:5:139:18 
| [CallExpr] sink(element1) | arrays.js:139:5:139:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:139:5:139:18 | [CallExpr] sink(element1) | arrays.js:139:5:139:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:139:5:139:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:139:5:139:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:139:5:139:19 | [ExprStmt] sink(element1); | arrays.js:139:5:139:18 | [CallExpr] sink(element1) | semmle.label | 1 | -| arrays.js:139:5:139:19 | [ExprStmt] sink(element1); | arrays.js:139:5:139:18 | [CallExpr] sink(element1) | semmle.order | 1 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:143:5:143:25 | [DeclStmt] const arr = ... | semmle.label | 1 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:143:5:143:25 | [DeclStmt] const arr = ... | semmle.order | 1 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:144:5:144:61 | [DeclStmt] const element1 = ... | semmle.label | 2 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:144:5:144:61 | [DeclStmt] const element1 = ... | semmle.order | 2 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:145:5:145:19 | [ExprStmt] sink(element1); | semmle.label | 3 | -| arrays.js:142:3:146:3 | [BlockStmt] { c ... OK } | arrays.js:145:5:145:19 | [ExprStmt] sink(element1); | semmle.order | 3 | -| arrays.js:143:5:143:25 | [DeclStmt] const arr = ... | arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | -| arrays.js:143:5:143:25 | [DeclStmt] const arr = ... 
| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | -| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | arrays.js:143:11:143:13 | [VarDecl] arr | semmle.label | 1 | -| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | arrays.js:143:11:143:13 | [VarDecl] arr | semmle.order | 1 | -| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | arrays.js:143:17:143:24 | [CallExpr] source() | semmle.label | 2 | -| arrays.js:143:11:143:24 | [VariableDeclarator] arr = source() | arrays.js:143:17:143:24 | [CallExpr] source() | semmle.order | 2 | -| arrays.js:143:17:143:24 | [CallExpr] source() | arrays.js:143:17:143:22 | [VarRef] source | semmle.label | 0 | -| arrays.js:143:17:143:24 | [CallExpr] source() | arrays.js:143:17:143:22 | [VarRef] source | semmle.order | 0 | -| arrays.js:144:5:144:61 | [DeclStmt] const element1 = ... | arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | -| arrays.js:144:5:144:61 | [DeclStmt] const element1 = ... | arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | -| arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | arrays.js:144:11:144:18 | [VarDecl] element1 | semmle.label | 1 | -| arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | arrays.js:144:11:144:18 | [VarDecl] element1 | semmle.order | 1 | -| arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | -| arrays.js:144:11:144:60 | [VariableDeclarator] element ... (item)) | arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | -| arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | arrays.js:144:22:144:24 | [VarRef] arr | semmle.label | 1 | -| arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | arrays.js:144:22:144:24 | [VarRef] arr | semmle.order | 1 | -| arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | arrays.js:144:26:144:38 | [Label] findLastIndex | semmle.label | 2 | -| arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | arrays.js:144:26:144:38 | [Label] findLastIndex | semmle.order | 2 | -| arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | semmle.label | 0 | -| arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:144:22:144:38 | [DotExpr] arr.findLastIndex | semmle.order | 0 | -| arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:144:22:144:60 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:144:50:144:59 | [CallExpr] sink(item) | semmle.label | 5 | -| arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:144:50:144:59 | [CallExpr] sink(item) | semmle.order | 5 | -| arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | -| arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | -| arrays.js:144:50:144:59 | [CallExpr] sink(item) | arrays.js:144:50:144:53 | [VarRef] sink | semmle.label | 0 | -| arrays.js:144:50:144:59 | [CallExpr] sink(item) | arrays.js:144:50:144:53 | [VarRef] sink | semmle.order | 0 | -| arrays.js:144:50:144:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:144:50:144:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | 
semmle.order | 1 | -| arrays.js:145:5:145:18 | [CallExpr] sink(element1) | arrays.js:145:5:145:8 | [VarRef] sink | semmle.label | 0 | -| arrays.js:145:5:145:18 | [CallExpr] sink(element1) | arrays.js:145:5:145:8 | [VarRef] sink | semmle.order | 0 | -| arrays.js:145:5:145:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | -| arrays.js:145:5:145:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | -| arrays.js:145:5:145:19 | [ExprStmt] sink(element1); | arrays.js:145:5:145:18 | [CallExpr] sink(element1) | semmle.label | 1 | -| arrays.js:145:5:145:19 | [ExprStmt] sink(element1); | arrays.js:145:5:145:18 | [CallExpr] sink(element1) | semmle.order | 1 | +| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | 0 | +| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.order | 0 | +| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | 1 | +| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.order | 1 | +| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:36:96:38 | [Label] pop | semmle.label | 2 | +| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:36:96:38 | [Label] pop | semmle.order | 2 | +| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | semmle.label | 0 | +| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:96:8:96:38 | [DotExpr] ["sourc ... 
x).pop | semmle.order | 0 | +| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | arrays.js:96:33:96:33 | [VarRef] x | semmle.label | 5 | +| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | arrays.js:96:33:96:33 | [VarRef] x | semmle.order | 5 | +| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | arrays.js:97:3:97:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | arrays.js:97:3:97:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.label | 1 | +| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.order | 1 | +| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | arrays.js:97:9:97:16 | [Literal] "source" | semmle.label | 1 | +| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | arrays.js:97:9:97:16 | [Literal] "source" | semmle.order | 1 | +| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.label | 1 | +| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.order | 1 | +| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:19:97:24 | [Label] filter | semmle.label | 2 | +| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:19:97:24 | [Label] filter | semmle.order | 2 | +| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... 
=> !!x) | arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.label | 0 | +| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.order | 0 | +| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | 1 | +| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.order | 1 | +| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:38:97:40 | [Label] pop | semmle.label | 2 | +| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:38:97:40 | [Label] pop | semmle.order | 2 | +| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | semmle.label | 0 | +| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:97:8:97:40 | [DotExpr] ["sourc ... 
!x).pop | semmle.order | 0 | +| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.label | 5 | +| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.order | 5 | +| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:97:33:97:35 | [UnaryExpr] !!x | arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.label | 1 | +| arrays.js:97:33:97:35 | [UnaryExpr] !!x | arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.order | 1 | +| arrays.js:97:34:97:35 | [UnaryExpr] !x | arrays.js:97:35:97:35 | [VarRef] x | semmle.label | 1 | +| arrays.js:97:34:97:35 | [UnaryExpr] !x | arrays.js:97:35:97:35 | [VarRef] x | semmle.order | 1 | +| arrays.js:99:3:99:16 | [DeclStmt] var arr8 = ... | arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | semmle.label | 1 | +| arrays.js:99:3:99:16 | [DeclStmt] var arr8 = ... | arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | semmle.order | 1 | +| arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | arrays.js:99:7:99:10 | [VarDecl] arr8 | semmle.label | 1 | +| arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | arrays.js:99:7:99:10 | [VarDecl] arr8 | semmle.order | 1 | +| arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | arrays.js:99:14:99:15 | [ArrayExpr] [] | semmle.label | 2 | +| arrays.js:99:7:99:15 | [VariableDeclarator] arr8 = [] | arrays.js:99:14:99:15 | [ArrayExpr] [] | semmle.order | 2 | +| arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | arrays.js:100:3:100:6 | [VarRef] arr8 | semmle.label | 1 | +| arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | arrays.js:100:3:100:6 | [VarRef] arr8 | semmle.order | 1 | +| arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... 
ource") | semmle.label | 2 | +| arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... ource") | semmle.order | 2 | +| arrays.js:100:3:100:40 | [ExprStmt] arr8 = ... urce"); | arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | semmle.label | 1 | +| arrays.js:100:3:100:40 | [ExprStmt] arr8 = ... urce"); | arrays.js:100:3:100:39 | [AssignExpr] arr8 = ... ource") | semmle.order | 1 | +| arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | arrays.js:100:10:100:13 | [VarRef] arr8 | semmle.label | 1 | +| arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | arrays.js:100:10:100:13 | [VarRef] arr8 | semmle.order | 1 | +| arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | arrays.js:100:15:100:23 | [Label] toSpliced | semmle.label | 2 | +| arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | arrays.js:100:15:100:23 | [Label] toSpliced | semmle.order | 2 | +| arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... ource") | arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | semmle.label | 0 | +| arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... ource") | arrays.js:100:10:100:23 | [DotExpr] arr8.toSpliced | semmle.order | 0 | +| arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... ource") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:100:10:100:39 | [MethodCallExpr] arr8.to ... 
ource") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | arrays.js:101:3:101:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | arrays.js:101:3:101:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:101:3:101:19 | [ExprStmt] sink(arr8.pop()); | arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | semmle.label | 1 | +| arrays.js:101:3:101:19 | [ExprStmt] sink(arr8.pop()); | arrays.js:101:3:101:18 | [CallExpr] sink(arr8.pop()) | semmle.order | 1 | +| arrays.js:101:8:101:15 | [DotExpr] arr8.pop | arrays.js:101:8:101:11 | [VarRef] arr8 | semmle.label | 1 | +| arrays.js:101:8:101:15 | [DotExpr] arr8.pop | arrays.js:101:8:101:11 | [VarRef] arr8 | semmle.order | 1 | +| arrays.js:101:8:101:15 | [DotExpr] arr8.pop | arrays.js:101:13:101:15 | [Label] pop | semmle.label | 2 | +| arrays.js:101:8:101:15 | [DotExpr] arr8.pop | arrays.js:101:13:101:15 | [Label] pop | semmle.order | 2 | +| arrays.js:101:8:101:17 | [MethodCallExpr] arr8.pop() | arrays.js:101:8:101:15 | [DotExpr] arr8.pop | semmle.label | 0 | +| arrays.js:101:8:101:17 | [MethodCallExpr] arr8.pop() | arrays.js:101:8:101:15 | [DotExpr] arr8.pop | semmle.order | 0 | +| arrays.js:103:3:103:24 | [DeclStmt] var arr8_variant = ... | arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | semmle.label | 1 | +| arrays.js:103:3:103:24 | [DeclStmt] var arr8_variant = ... 
| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | semmle.order | 1 | +| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:103:7:103:18 | [VarDecl] arr8_variant | semmle.label | 1 | +| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:103:7:103:18 | [VarDecl] arr8_variant | semmle.order | 1 | +| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:103:22:103:23 | [ArrayExpr] [] | semmle.label | 2 | +| arrays.js:103:7:103:23 | [VariableDeclarator] arr8_variant = [] | arrays.js:103:22:103:23 | [ArrayExpr] [] | semmle.order | 2 | +| arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | arrays.js:104:3:104:14 | [VarRef] arr8_variant | semmle.label | 1 | +| arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | arrays.js:104:3:104:14 | [VarRef] arr8_variant | semmle.order | 1 | +| arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | semmle.label | 2 | +| arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | semmle.order | 2 | +| arrays.js:104:3:104:64 | [ExprStmt] arr8_va ... urce"); | arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | semmle.label | 1 | +| arrays.js:104:3:104:64 | [ExprStmt] arr8_va ... urce"); | arrays.js:104:3:104:63 | [AssignExpr] arr8_va ... ource") | semmle.order | 1 | +| arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | arrays.js:104:18:104:29 | [VarRef] arr8_variant | semmle.label | 1 | +| arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | arrays.js:104:18:104:29 | [VarRef] arr8_variant | semmle.order | 1 | +| arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | arrays.js:104:31:104:39 | [Label] toSpliced | semmle.label | 2 | +| arrays.js:104:18:104:39 | [DotExpr] arr8_va ... 
Spliced | arrays.js:104:31:104:39 | [Label] toSpliced | semmle.order | 2 | +| arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | semmle.label | 0 | +| arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | arrays.js:104:18:104:39 | [DotExpr] arr8_va ... Spliced | semmle.order | 0 | +| arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:104:18:104:63 | [MethodCallExpr] arr8_va ... ource") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | arrays.js:105:3:105:14 | [VarRef] arr8_variant | semmle.label | 1 | +| arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | arrays.js:105:3:105:14 | [VarRef] arr8_variant | semmle.order | 1 | +| arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | arrays.js:105:16:105:18 | [Label] pop | semmle.label | 2 | +| arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | arrays.js:105:16:105:18 | [Label] pop | semmle.order | 2 | +| arrays.js:105:3:105:20 | [MethodCallExpr] arr8_variant.pop() | arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | semmle.label | 0 | +| arrays.js:105:3:105:20 | [MethodCallExpr] arr8_variant.pop() | arrays.js:105:3:105:18 | [DotExpr] arr8_variant.pop | semmle.order | 0 | +| arrays.js:105:3:105:21 | [ExprStmt] arr8_variant.pop(); | arrays.js:105:3:105:20 | [MethodCallExpr] arr8_variant.pop() | semmle.label | 1 | +| arrays.js:105:3:105:21 | [ExprStmt] arr8_variant.pop(); | arrays.js:105:3:105:20 | [MethodCallExpr] arr8_variant.pop() | semmle.order | 1 | +| arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | arrays.js:106:3:106:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | arrays.js:106:3:106:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:106:3:106:26 | [CallExpr] sink(ar ... 
.pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:106:3:106:27 | [ExprStmt] sink(ar ... pop()); | arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | semmle.label | 1 | +| arrays.js:106:3:106:27 | [ExprStmt] sink(ar ... pop()); | arrays.js:106:3:106:26 | [CallExpr] sink(ar ... .pop()) | semmle.order | 1 | +| arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | arrays.js:106:8:106:19 | [VarRef] arr8_variant | semmle.label | 1 | +| arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | arrays.js:106:8:106:19 | [VarRef] arr8_variant | semmle.order | 1 | +| arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | arrays.js:106:21:106:23 | [Label] pop | semmle.label | 2 | +| arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | arrays.js:106:21:106:23 | [Label] pop | semmle.order | 2 | +| arrays.js:106:8:106:25 | [MethodCallExpr] arr8_variant.pop() | arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | semmle.label | 0 | +| arrays.js:106:8:106:25 | [MethodCallExpr] arr8_variant.pop() | arrays.js:106:8:106:23 | [DotExpr] arr8_variant.pop | semmle.order | 0 | +| arrays.js:108:3:108:23 | [DeclStmt] var arr8_spread = ... | arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | semmle.label | 1 | +| arrays.js:108:3:108:23 | [DeclStmt] var arr8_spread = ... 
| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | semmle.order | 1 | +| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:108:7:108:17 | [VarDecl] arr8_spread | semmle.label | 1 | +| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:108:7:108:17 | [VarDecl] arr8_spread | semmle.order | 1 | +| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:108:21:108:22 | [ArrayExpr] [] | semmle.label | 2 | +| arrays.js:108:7:108:22 | [VariableDeclarator] arr8_spread = [] | arrays.js:108:21:108:22 | [ArrayExpr] [] | semmle.order | 2 | +| arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:109:3:109:13 | [VarRef] arr8_spread | semmle.label | 1 | +| arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:109:3:109:13 | [VarRef] arr8_spread | semmle.order | 1 | +| arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.label | 2 | +| arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | semmle.order | 2 | +| arrays.js:109:3:109:52 | [ExprStmt] arr8_sp ... ..arr); | arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.label | 1 | +| arrays.js:109:3:109:52 | [ExprStmt] arr8_sp ... ..arr); | arrays.js:109:3:109:51 | [AssignExpr] arr8_sp ... ...arr) | semmle.order | 1 | +| arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:109:17:109:27 | [VarRef] arr8_spread | semmle.label | 1 | +| arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:109:17:109:27 | [VarRef] arr8_spread | semmle.order | 1 | +| arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | arrays.js:109:29:109:37 | [Label] toSpliced | semmle.label | 2 | +| arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... 
Spliced | arrays.js:109:29:109:37 | [Label] toSpliced | semmle.order | 2 | +| arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | semmle.label | 0 | +| arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | arrays.js:109:17:109:37 | [DotExpr] arr8_sp ... Spliced | semmle.order | 0 | +| arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:109:17:109:51 | [MethodCallExpr] arr8_sp ... ...arr) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:109:45:109:50 | [SpreadElement] ...arr | arrays.js:109:48:109:50 | [VarRef] arr | semmle.label | 1 | +| arrays.js:109:45:109:50 | [SpreadElement] ...arr | arrays.js:109:48:109:50 | [VarRef] arr | semmle.order | 1 | +| arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | arrays.js:110:3:110:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | arrays.js:110:3:110:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:110:3:110:26 | [ExprStmt] sink(ar ... pop()); | arrays.js:110:3:110:25 | [CallExpr] sink(ar ... .pop()) | semmle.label | 1 | +| arrays.js:110:3:110:26 | [ExprStmt] sink(ar ... pop()); | arrays.js:110:3:110:25 | [CallExpr] sink(ar ... 
.pop()) | semmle.order | 1 | +| arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | arrays.js:110:8:110:18 | [VarRef] arr8_spread | semmle.label | 1 | +| arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | arrays.js:110:8:110:18 | [VarRef] arr8_spread | semmle.order | 1 | +| arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | arrays.js:110:20:110:22 | [Label] pop | semmle.label | 2 | +| arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | arrays.js:110:20:110:22 | [Label] pop | semmle.order | 2 | +| arrays.js:110:8:110:24 | [MethodCallExpr] arr8_spread.pop() | arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | semmle.label | 0 | +| arrays.js:110:8:110:24 | [MethodCallExpr] arr8_spread.pop() | arrays.js:110:8:110:22 | [DotExpr] arr8_spread.pop | semmle.order | 0 | +| arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | arrays.js:112:3:112:6 | [VarRef] sink | semmle.label | 0 | +| arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | arrays.js:112:3:112:6 | [VarRef] sink | semmle.order | 0 | +| arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:112:3:112:35 | [ExprStmt] sink(ar ... back)); | arrays.js:112:3:112:34 | [CallExpr] sink(ar ... lback)) | semmle.label | 1 | +| arrays.js:112:3:112:35 | [ExprStmt] sink(ar ... back)); | arrays.js:112:3:112:34 | [CallExpr] sink(ar ... 
lback)) | semmle.order | 1 | +| arrays.js:112:8:112:19 | [DotExpr] arr.findLast | arrays.js:112:8:112:10 | [VarRef] arr | semmle.label | 1 | +| arrays.js:112:8:112:19 | [DotExpr] arr.findLast | arrays.js:112:8:112:10 | [VarRef] arr | semmle.order | 1 | +| arrays.js:112:8:112:19 | [DotExpr] arr.findLast | arrays.js:112:12:112:19 | [Label] findLast | semmle.label | 2 | +| arrays.js:112:8:112:19 | [DotExpr] arr.findLast | arrays.js:112:12:112:19 | [Label] findLast | semmle.order | 2 | +| arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | arrays.js:112:8:112:19 | [DotExpr] arr.findLast | semmle.label | 0 | +| arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | arrays.js:112:8:112:19 | [DotExpr] arr.findLast | semmle.order | 0 | +| arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:115:5:115:28 | [DeclStmt] const list = ... | semmle.label | 1 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:115:5:115:28 | [DeclStmt] const list = ... | semmle.order | 1 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:116:5:116:56 | [DeclStmt] const element = ... | semmle.label | 2 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:116:5:116:56 | [DeclStmt] const element = ... | semmle.order | 2 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:117:5:117:18 | [ExprStmt] sink(element); | semmle.label | 3 | +| arrays.js:114:3:118:3 | [BlockStmt] { // T ... OK } | arrays.js:117:5:117:18 | [ExprStmt] sink(element); | semmle.order | 3 | +| arrays.js:115:5:115:28 | [DeclStmt] const list = ... | arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | +| arrays.js:115:5:115:28 | [DeclStmt] const list = ... 
| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | +| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | arrays.js:115:11:115:14 | [VarDecl] list | semmle.label | 1 | +| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | arrays.js:115:11:115:14 | [VarDecl] list | semmle.order | 1 | +| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | arrays.js:115:18:115:27 | [ArrayExpr] ["source"] | semmle.label | 2 | +| arrays.js:115:11:115:27 | [VariableDeclarator] list = ["source"] | arrays.js:115:18:115:27 | [ArrayExpr] ["source"] | semmle.order | 2 | +| arrays.js:115:18:115:27 | [ArrayExpr] ["source"] | arrays.js:115:19:115:26 | [Literal] "source" | semmle.label | 1 | +| arrays.js:115:18:115:27 | [ArrayExpr] ["source"] | arrays.js:115:19:115:26 | [Literal] "source" | semmle.order | 1 | +| arrays.js:116:5:116:56 | [DeclStmt] const element = ... | arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:116:5:116:56 | [DeclStmt] const element = ... | arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | arrays.js:116:11:116:17 | [VarDecl] element | semmle.label | 1 | +| arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | arrays.js:116:11:116:17 | [VarDecl] element | semmle.order | 1 | +| arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | +| arrays.js:116:11:116:55 | [VariableDeclarator] element ... (item)) | arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | +| arrays.js:116:21:116:33 | [DotExpr] list.findLast | arrays.js:116:21:116:24 | [VarRef] list | semmle.label | 1 | +| arrays.js:116:21:116:33 | [DotExpr] list.findLast | arrays.js:116:21:116:24 | [VarRef] list | semmle.order | 1 | +| arrays.js:116:21:116:33 | [DotExpr] list.findLast | arrays.js:116:26:116:33 | [Label] findLast | semmle.label | 2 | +| arrays.js:116:21:116:33 | [DotExpr] list.findLast | arrays.js:116:26:116:33 | [Label] findLast | semmle.order | 2 | +| arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | arrays.js:116:21:116:33 | [DotExpr] list.findLast | semmle.label | 0 | +| arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | arrays.js:116:21:116:33 | [DotExpr] list.findLast | semmle.order | 0 | +| arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:116:21:116:55 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:116:45:116:54 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:116:45:116:54 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:116:45:116:54 | [CallExpr] sink(item) | arrays.js:116:45:116:48 | [VarRef] sink | semmle.label | 0 | +| arrays.js:116:45:116:54 | [CallExpr] sink(item) | arrays.js:116:45:116:48 | [VarRef] sink | semmle.order | 0 | +| arrays.js:116:45:116:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:116:45:116:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| 
arrays.js:117:5:117:17 | [CallExpr] sink(element) | arrays.js:117:5:117:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:117:5:117:17 | [CallExpr] sink(element) | arrays.js:117:5:117:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:117:5:117:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:117:5:117:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:117:5:117:18 | [ExprStmt] sink(element); | arrays.js:117:5:117:17 | [CallExpr] sink(element) | semmle.label | 1 | +| arrays.js:117:5:117:18 | [ExprStmt] sink(element); | arrays.js:117:5:117:17 | [CallExpr] sink(element) | semmle.order | 1 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:121:5:121:28 | [DeclStmt] const list = ... | semmle.label | 1 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:121:5:121:28 | [DeclStmt] const list = ... | semmle.order | 1 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:122:5:122:52 | [DeclStmt] const element = ... | semmle.label | 2 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:122:5:122:52 | [DeclStmt] const element = ... | semmle.order | 2 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:123:5:123:18 | [ExprStmt] sink(element); | semmle.label | 3 | +| arrays.js:120:3:124:3 | [BlockStmt] { // T ... OK } | arrays.js:123:5:123:18 | [ExprStmt] sink(element); | semmle.order | 3 | +| arrays.js:121:5:121:28 | [DeclStmt] const list = ... | arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | +| arrays.js:121:5:121:28 | [DeclStmt] const list = ... 
| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | +| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | arrays.js:121:11:121:14 | [VarDecl] list | semmle.label | 1 | +| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | arrays.js:121:11:121:14 | [VarDecl] list | semmle.order | 1 | +| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | arrays.js:121:18:121:27 | [ArrayExpr] ["source"] | semmle.label | 2 | +| arrays.js:121:11:121:27 | [VariableDeclarator] list = ["source"] | arrays.js:121:18:121:27 | [ArrayExpr] ["source"] | semmle.order | 2 | +| arrays.js:121:18:121:27 | [ArrayExpr] ["source"] | arrays.js:121:19:121:26 | [Literal] "source" | semmle.label | 1 | +| arrays.js:121:18:121:27 | [ArrayExpr] ["source"] | arrays.js:121:19:121:26 | [Literal] "source" | semmle.order | 1 | +| arrays.js:122:5:122:52 | [DeclStmt] const element = ... | arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:122:5:122:52 | [DeclStmt] const element = ... | arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | arrays.js:122:11:122:17 | [VarDecl] element | semmle.label | 1 | +| arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | arrays.js:122:11:122:17 | [VarDecl] element | semmle.order | 1 | +| arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | +| arrays.js:122:11:122:51 | [VariableDeclarator] element ... (item)) | arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | +| arrays.js:122:21:122:29 | [DotExpr] list.find | arrays.js:122:21:122:24 | [VarRef] list | semmle.label | 1 | +| arrays.js:122:21:122:29 | [DotExpr] list.find | arrays.js:122:21:122:24 | [VarRef] list | semmle.order | 1 | +| arrays.js:122:21:122:29 | [DotExpr] list.find | arrays.js:122:26:122:29 | [Label] find | semmle.label | 2 | +| arrays.js:122:21:122:29 | [DotExpr] list.find | arrays.js:122:26:122:29 | [Label] find | semmle.order | 2 | +| arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | arrays.js:122:21:122:29 | [DotExpr] list.find | semmle.label | 0 | +| arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | arrays.js:122:21:122:29 | [DotExpr] list.find | semmle.order | 0 | +| arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:122:21:122:51 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:122:41:122:50 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:122:41:122:50 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:122:41:122:50 | [CallExpr] sink(item) | arrays.js:122:41:122:44 | [VarRef] sink | semmle.label | 0 | +| arrays.js:122:41:122:50 | [CallExpr] sink(item) | arrays.js:122:41:122:44 | [VarRef] sink | semmle.order | 0 | +| arrays.js:122:41:122:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:122:41:122:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:123:5:123:17 | [CallExpr] 
sink(element) | arrays.js:123:5:123:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:123:5:123:17 | [CallExpr] sink(element) | arrays.js:123:5:123:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:123:5:123:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:123:5:123:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:123:5:123:18 | [ExprStmt] sink(element); | arrays.js:123:5:123:17 | [CallExpr] sink(element) | semmle.label | 1 | +| arrays.js:123:5:123:18 | [ExprStmt] sink(element); | arrays.js:123:5:123:17 | [CallExpr] sink(element) | semmle.order | 1 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:127:5:127:28 | [DeclStmt] const list = ... | semmle.label | 1 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:127:5:127:28 | [DeclStmt] const list = ... | semmle.order | 1 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:128:5:128:61 | [DeclStmt] const element = ... | semmle.label | 2 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:128:5:128:61 | [DeclStmt] const element = ... | semmle.order | 2 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:129:5:129:18 | [ExprStmt] sink(element); | semmle.label | 3 | +| arrays.js:126:3:130:3 | [BlockStmt] { // T ... OK } | arrays.js:129:5:129:18 | [ExprStmt] sink(element); | semmle.order | 3 | +| arrays.js:127:5:127:28 | [DeclStmt] const list = ... | arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | semmle.label | 1 | +| arrays.js:127:5:127:28 | [DeclStmt] const list = ... 
| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | semmle.order | 1 | +| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | arrays.js:127:11:127:14 | [VarDecl] list | semmle.label | 1 | +| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | arrays.js:127:11:127:14 | [VarDecl] list | semmle.order | 1 | +| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | arrays.js:127:18:127:27 | [ArrayExpr] ["source"] | semmle.label | 2 | +| arrays.js:127:11:127:27 | [VariableDeclarator] list = ["source"] | arrays.js:127:18:127:27 | [ArrayExpr] ["source"] | semmle.order | 2 | +| arrays.js:127:18:127:27 | [ArrayExpr] ["source"] | arrays.js:127:19:127:26 | [Literal] "source" | semmle.label | 1 | +| arrays.js:127:18:127:27 | [ArrayExpr] ["source"] | arrays.js:127:19:127:26 | [Literal] "source" | semmle.order | 1 | +| arrays.js:128:5:128:61 | [DeclStmt] const element = ... | arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:128:5:128:61 | [DeclStmt] const element = ... | arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | arrays.js:128:11:128:17 | [VarDecl] element | semmle.label | 1 | +| arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | arrays.js:128:11:128:17 | [VarDecl] element | semmle.order | 1 | +| arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | semmle.label | 2 | +| arrays.js:128:11:128:60 | [VariableDeclarator] element ... (item)) | arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... 
(item)) | semmle.order | 2 | +| arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | arrays.js:128:21:128:24 | [VarRef] list | semmle.label | 1 | +| arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | arrays.js:128:21:128:24 | [VarRef] list | semmle.order | 1 | +| arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | arrays.js:128:26:128:38 | [Label] findLastIndex | semmle.label | 2 | +| arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | arrays.js:128:26:128:38 | [Label] findLastIndex | semmle.order | 2 | +| arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | semmle.label | 0 | +| arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | arrays.js:128:21:128:38 | [DotExpr] list.findLastIndex | semmle.order | 0 | +| arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:128:21:128:60 | [MethodCallExpr] list.fi ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:128:50:128:59 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:128:50:128:59 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:128:50:128:59 | [CallExpr] sink(item) | arrays.js:128:50:128:53 | [VarRef] sink | semmle.label | 0 | +| arrays.js:128:50:128:59 | [CallExpr] sink(item) | arrays.js:128:50:128:53 | [VarRef] sink | semmle.order | 0 | +| arrays.js:128:50:128:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:128:50:128:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) 
| semmle.order | 1 | +| arrays.js:129:5:129:17 | [CallExpr] sink(element) | arrays.js:129:5:129:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:129:5:129:17 | [CallExpr] sink(element) | arrays.js:129:5:129:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:129:5:129:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:129:5:129:17 | [CallExpr] sink(element) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:129:5:129:18 | [ExprStmt] sink(element); | arrays.js:129:5:129:17 | [CallExpr] sink(element) | semmle.label | 1 | +| arrays.js:129:5:129:18 | [ExprStmt] sink(element); | arrays.js:129:5:129:17 | [CallExpr] sink(element) | semmle.order | 1 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:132:5:132:25 | [DeclStmt] const arr = ... | semmle.label | 1 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:132:5:132:25 | [DeclStmt] const arr = ... | semmle.order | 1 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:133:5:133:52 | [DeclStmt] const element1 = ... | semmle.label | 2 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:133:5:133:52 | [DeclStmt] const element1 = ... | semmle.order | 2 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:134:5:134:19 | [ExprStmt] sink(element1); | semmle.label | 3 | +| arrays.js:131:3:135:3 | [BlockStmt] { c ... OK } | arrays.js:134:5:134:19 | [ExprStmt] sink(element1); | semmle.order | 3 | +| arrays.js:132:5:132:25 | [DeclStmt] const arr = ... | arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | +| arrays.js:132:5:132:25 | [DeclStmt] const arr = ... 
| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | +| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | arrays.js:132:11:132:13 | [VarDecl] arr | semmle.label | 1 | +| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | arrays.js:132:11:132:13 | [VarDecl] arr | semmle.order | 1 | +| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | arrays.js:132:17:132:24 | [CallExpr] source() | semmle.label | 2 | +| arrays.js:132:11:132:24 | [VariableDeclarator] arr = source() | arrays.js:132:17:132:24 | [CallExpr] source() | semmle.order | 2 | +| arrays.js:132:17:132:24 | [CallExpr] source() | arrays.js:132:17:132:22 | [VarRef] source | semmle.label | 0 | +| arrays.js:132:17:132:24 | [CallExpr] source() | arrays.js:132:17:132:22 | [VarRef] source | semmle.order | 0 | +| arrays.js:133:5:133:52 | [DeclStmt] const element1 = ... | arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:133:5:133:52 | [DeclStmt] const element1 = ... | arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | arrays.js:133:11:133:18 | [VarDecl] element1 | semmle.label | 1 | +| arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | arrays.js:133:11:133:18 | [VarDecl] element1 | semmle.order | 1 | +| arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | +| arrays.js:133:11:133:51 | [VariableDeclarator] element ... (item)) | arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | +| arrays.js:133:22:133:29 | [DotExpr] arr.find | arrays.js:133:22:133:24 | [VarRef] arr | semmle.label | 1 | +| arrays.js:133:22:133:29 | [DotExpr] arr.find | arrays.js:133:22:133:24 | [VarRef] arr | semmle.order | 1 | +| arrays.js:133:22:133:29 | [DotExpr] arr.find | arrays.js:133:26:133:29 | [Label] find | semmle.label | 2 | +| arrays.js:133:22:133:29 | [DotExpr] arr.find | arrays.js:133:26:133:29 | [Label] find | semmle.order | 2 | +| arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:133:22:133:29 | [DotExpr] arr.find | semmle.label | 0 | +| arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:133:22:133:29 | [DotExpr] arr.find | semmle.order | 0 | +| arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:133:22:133:51 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:133:41:133:50 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:133:41:133:50 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:133:41:133:50 | [CallExpr] sink(item) | arrays.js:133:41:133:44 | [VarRef] sink | semmle.label | 0 | +| arrays.js:133:41:133:50 | [CallExpr] sink(item) | arrays.js:133:41:133:44 | [VarRef] sink | semmle.order | 0 | +| arrays.js:133:41:133:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:133:41:133:50 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:134:5:134:18 | [CallExpr] sink(element1) | 
arrays.js:134:5:134:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:134:5:134:18 | [CallExpr] sink(element1) | arrays.js:134:5:134:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:134:5:134:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:134:5:134:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:134:5:134:19 | [ExprStmt] sink(element1); | arrays.js:134:5:134:18 | [CallExpr] sink(element1) | semmle.label | 1 | +| arrays.js:134:5:134:19 | [ExprStmt] sink(element1); | arrays.js:134:5:134:18 | [CallExpr] sink(element1) | semmle.order | 1 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:138:5:138:25 | [DeclStmt] const arr = ... | semmle.label | 1 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:138:5:138:25 | [DeclStmt] const arr = ... | semmle.order | 1 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:139:5:139:56 | [DeclStmt] const element1 = ... | semmle.label | 2 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:139:5:139:56 | [DeclStmt] const element1 = ... | semmle.order | 2 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:140:5:140:19 | [ExprStmt] sink(element1); | semmle.label | 3 | +| arrays.js:137:3:141:3 | [BlockStmt] { c ... OK } | arrays.js:140:5:140:19 | [ExprStmt] sink(element1); | semmle.order | 3 | +| arrays.js:138:5:138:25 | [DeclStmt] const arr = ... | arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | +| arrays.js:138:5:138:25 | [DeclStmt] const arr = ... 
| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | +| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | arrays.js:138:11:138:13 | [VarDecl] arr | semmle.label | 1 | +| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | arrays.js:138:11:138:13 | [VarDecl] arr | semmle.order | 1 | +| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | arrays.js:138:17:138:24 | [CallExpr] source() | semmle.label | 2 | +| arrays.js:138:11:138:24 | [VariableDeclarator] arr = source() | arrays.js:138:17:138:24 | [CallExpr] source() | semmle.order | 2 | +| arrays.js:138:17:138:24 | [CallExpr] source() | arrays.js:138:17:138:22 | [VarRef] source | semmle.label | 0 | +| arrays.js:138:17:138:24 | [CallExpr] source() | arrays.js:138:17:138:22 | [VarRef] source | semmle.order | 0 | +| arrays.js:139:5:139:56 | [DeclStmt] const element1 = ... | arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:139:5:139:56 | [DeclStmt] const element1 = ... | arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | arrays.js:139:11:139:18 | [VarDecl] element1 | semmle.label | 1 | +| arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | arrays.js:139:11:139:18 | [VarDecl] element1 | semmle.order | 1 | +| arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | +| arrays.js:139:11:139:55 | [VariableDeclarator] element ... (item)) | arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | +| arrays.js:139:22:139:33 | [DotExpr] arr.findLast | arrays.js:139:22:139:24 | [VarRef] arr | semmle.label | 1 | +| arrays.js:139:22:139:33 | [DotExpr] arr.findLast | arrays.js:139:22:139:24 | [VarRef] arr | semmle.order | 1 | +| arrays.js:139:22:139:33 | [DotExpr] arr.findLast | arrays.js:139:26:139:33 | [Label] findLast | semmle.label | 2 | +| arrays.js:139:22:139:33 | [DotExpr] arr.findLast | arrays.js:139:26:139:33 | [Label] findLast | semmle.order | 2 | +| arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:139:22:139:33 | [DotExpr] arr.findLast | semmle.label | 0 | +| arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:139:22:139:33 | [DotExpr] arr.findLast | semmle.order | 0 | +| arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:139:22:139:55 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:139:45:139:54 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:139:45:139:54 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:139:45:139:54 | [CallExpr] sink(item) | arrays.js:139:45:139:48 | [VarRef] sink | semmle.label | 0 | +| arrays.js:139:45:139:54 | [CallExpr] sink(item) | arrays.js:139:45:139:48 | [VarRef] sink | semmle.order | 0 | +| arrays.js:139:45:139:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:139:45:139:54 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:140:5:140:18 
| [CallExpr] sink(element1) | arrays.js:140:5:140:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:140:5:140:18 | [CallExpr] sink(element1) | arrays.js:140:5:140:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:140:5:140:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:140:5:140:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:140:5:140:19 | [ExprStmt] sink(element1); | arrays.js:140:5:140:18 | [CallExpr] sink(element1) | semmle.label | 1 | +| arrays.js:140:5:140:19 | [ExprStmt] sink(element1); | arrays.js:140:5:140:18 | [CallExpr] sink(element1) | semmle.order | 1 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:144:5:144:25 | [DeclStmt] const arr = ... | semmle.label | 1 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:144:5:144:25 | [DeclStmt] const arr = ... | semmle.order | 1 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:145:5:145:61 | [DeclStmt] const element1 = ... | semmle.label | 2 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:145:5:145:61 | [DeclStmt] const element1 = ... | semmle.order | 2 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:146:5:146:19 | [ExprStmt] sink(element1); | semmle.label | 3 | +| arrays.js:143:3:147:3 | [BlockStmt] { c ... OK } | arrays.js:146:5:146:19 | [ExprStmt] sink(element1); | semmle.order | 3 | +| arrays.js:144:5:144:25 | [DeclStmt] const arr = ... | arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | semmle.label | 1 | +| arrays.js:144:5:144:25 | [DeclStmt] const arr = ... 
| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | semmle.order | 1 | +| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | arrays.js:144:11:144:13 | [VarDecl] arr | semmle.label | 1 | +| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | arrays.js:144:11:144:13 | [VarDecl] arr | semmle.order | 1 | +| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | arrays.js:144:17:144:24 | [CallExpr] source() | semmle.label | 2 | +| arrays.js:144:11:144:24 | [VariableDeclarator] arr = source() | arrays.js:144:17:144:24 | [CallExpr] source() | semmle.order | 2 | +| arrays.js:144:17:144:24 | [CallExpr] source() | arrays.js:144:17:144:22 | [VarRef] source | semmle.label | 0 | +| arrays.js:144:17:144:24 | [CallExpr] source() | arrays.js:144:17:144:22 | [VarRef] source | semmle.order | 0 | +| arrays.js:145:5:145:61 | [DeclStmt] const element1 = ... | arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | semmle.label | 1 | +| arrays.js:145:5:145:61 | [DeclStmt] const element1 = ... | arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | semmle.order | 1 | +| arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | arrays.js:145:11:145:18 | [VarDecl] element1 | semmle.label | 1 | +| arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | arrays.js:145:11:145:18 | [VarDecl] element1 | semmle.order | 1 | +| arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | semmle.label | 2 | +| arrays.js:145:11:145:60 | [VariableDeclarator] element ... (item)) | arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... 
(item)) | semmle.order | 2 | +| arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | arrays.js:145:22:145:24 | [VarRef] arr | semmle.label | 1 | +| arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | arrays.js:145:22:145:24 | [VarRef] arr | semmle.order | 1 | +| arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | arrays.js:145:26:145:38 | [Label] findLastIndex | semmle.label | 2 | +| arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | arrays.js:145:26:145:38 | [Label] findLastIndex | semmle.order | 2 | +| arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | semmle.label | 0 | +| arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | arrays.js:145:22:145:38 | [DotExpr] arr.findLastIndex | semmle.order | 0 | +| arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:145:22:145:60 | [MethodCallExpr] arr.fin ... (item)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:145:50:145:59 | [CallExpr] sink(item) | semmle.label | 5 | +| arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | arrays.js:145:50:145:59 | [CallExpr] sink(item) | semmle.order | 5 | +| arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| arrays.js:145:50:145:59 | [CallExpr] sink(item) | arrays.js:145:50:145:53 | [VarRef] sink | semmle.label | 0 | +| arrays.js:145:50:145:59 | [CallExpr] sink(item) | arrays.js:145:50:145:53 | [VarRef] sink | semmle.order | 0 | +| arrays.js:145:50:145:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:145:50:145:59 | [CallExpr] sink(item) | file://:0:0:0:0 | (Arguments) | 
semmle.order | 1 | +| arrays.js:146:5:146:18 | [CallExpr] sink(element1) | arrays.js:146:5:146:8 | [VarRef] sink | semmle.label | 0 | +| arrays.js:146:5:146:18 | [CallExpr] sink(element1) | arrays.js:146:5:146:8 | [VarRef] sink | semmle.order | 0 | +| arrays.js:146:5:146:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 | +| arrays.js:146:5:146:18 | [CallExpr] sink(element1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 | +| arrays.js:146:5:146:19 | [ExprStmt] sink(element1); | arrays.js:146:5:146:18 | [CallExpr] sink(element1) | semmle.label | 1 | +| arrays.js:146:5:146:19 | [ExprStmt] sink(element1); | arrays.js:146:5:146:18 | [CallExpr] sink(element1) | semmle.order | 1 | | file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.label | 0 | | file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.order | 0 | | file://:0:0:0:0 | (Arguments) | arrays.js:8:12:8:17 | [VarRef] source | semmle.label | 0 | 
@@ -2046,80 +2080,82 @@ edges | file://:0:0:0:0 | (Arguments) | arrays.js:93:8:93:17 | [MethodCallExpr] arr.at(-1) | semmle.order | 0 | | file://:0:0:0:0 | (Arguments) | arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.label | 0 | | file://:0:0:0:0 | (Arguments) | arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:25:99:25 | [Literal] 0 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:25:99:25 | [Literal] 0 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:28:99:28 | [Literal] 0 | semmle.label | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:28:99:28 | [Literal] 0 | semmle.order | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:31:99:38 | [Literal] "source" | semmle.label | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:99:31:99:38 | [Literal] "source" | semmle.order | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:100:8:100:17 | [MethodCallExpr] arr8.pop() | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:100:8:100:17 | [MethodCallExpr] arr8.pop() | 
semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:41:103:41 | [Literal] 0 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:41:103:41 | [Literal] 0 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:44:103:44 | [Literal] 0 | semmle.label | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:44:103:44 | [Literal] 0 | semmle.order | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:47:103:52 | [Literal] "safe" | semmle.label | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:47:103:52 | [Literal] "safe" | semmle.order | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:55:103:62 | [Literal] "source" | semmle.label | 3 | -| file://:0:0:0:0 | (Arguments) | arrays.js:103:55:103:62 | [Literal] "source" | semmle.order | 3 | -| file://:0:0:0:0 | (Arguments) | arrays.js:105:8:105:25 | [MethodCallExpr] arr8_variant.pop() | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:105:8:105:25 | [MethodCallExpr] arr8_variant.pop() | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:39:108:39 | [Literal] 0 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:39:108:39 | [Literal] 0 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:42:108:42 | [Literal] 0 | semmle.label | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:42:108:42 | [Literal] 0 | semmle.order | 1 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:45:108:50 | [SpreadElement] ...arr | semmle.label | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:108:45:108:50 | [SpreadElement] ...arr | semmle.order | 2 | -| file://:0:0:0:0 | (Arguments) | arrays.js:109:8:109:24 | [MethodCallExpr] arr8_spread.pop() | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:109:8:109:24 | [MethodCallExpr] arr8_spread.pop() | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... 
llback) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:111:8:111:33 | [MethodCallExpr] arr.fin ... llback) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:111:21:111:32 | [VarRef] someCallback | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:111:21:111:32 | [VarRef] someCallback | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:115:35:115:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:115:50:115:53 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:115:50:115:53 | [VarRef] item | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:116:10:116:16 | [VarRef] element | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:116:10:116:16 | [VarRef] element | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:121:31:121:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:121:46:121:49 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:121:46:121:49 | [VarRef] item | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:122:10:122:16 | [VarRef] element | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:122:10:122:16 | [VarRef] element | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:127:40:127:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:127:55:127:58 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | 
(Arguments) | arrays.js:127:55:127:58 | [VarRef] item | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:128:10:128:16 | [VarRef] element | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:128:10:128:16 | [VarRef] element | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:132:31:132:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:132:46:132:49 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:132:46:132:49 | [VarRef] item | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:133:10:133:17 | [VarRef] element1 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:133:10:133:17 | [VarRef] element1 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:138:35:138:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:138:50:138:53 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:138:50:138:53 | [VarRef] item | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:139:10:139:17 | [VarRef] element1 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:139:10:139:17 | [VarRef] element1 | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:144:40:144:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:144:55:144:58 | [VarRef] item | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:144:55:144:58 | [VarRef] item | semmle.order | 0 | -| 
file://:0:0:0:0 | (Arguments) | arrays.js:145:10:145:17 | [VarRef] element1 | semmle.label | 0 | -| file://:0:0:0:0 | (Arguments) | arrays.js:145:10:145:17 | [VarRef] element1 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... 
).pop() | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:25:100:25 | [Literal] 0 | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:25:100:25 | [Literal] 0 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:28:100:28 | [Literal] 0 | semmle.label | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:28:100:28 | [Literal] 0 | semmle.order | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:31:100:38 | [Literal] "source" | semmle.label | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:100:31:100:38 | [Literal] "source" | semmle.order | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:101:8:101:17 | [MethodCallExpr] arr8.pop() | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:101:8:101:17 | [MethodCallExpr] arr8.pop() | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:41:104:41 | [Literal] 0 | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:41:104:41 | [Literal] 0 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:44:104:44 | [Literal] 0 | semmle.label | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:44:104:44 | [Literal] 0 | semmle.order | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:47:104:52 | [Literal] "safe" | semmle.label | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:47:104:52 | [Literal] "safe" | semmle.order | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:55:104:62 | [Literal] "source" | semmle.label | 3 | +| file://:0:0:0:0 | (Arguments) | arrays.js:104:55:104:62 | [Literal] "source" | semmle.order | 3 | +| file://:0:0:0:0 | (Arguments) | arrays.js:106:8:106:25 | [MethodCallExpr] arr8_variant.pop() | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:106:8:106:25 | 
[MethodCallExpr] arr8_variant.pop() | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:39:109:39 | [Literal] 0 | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:39:109:39 | [Literal] 0 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:42:109:42 | [Literal] 0 | semmle.label | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:42:109:42 | [Literal] 0 | semmle.order | 1 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:45:109:50 | [SpreadElement] ...arr | semmle.label | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:109:45:109:50 | [SpreadElement] ...arr | semmle.order | 2 | +| file://:0:0:0:0 | (Arguments) | arrays.js:110:8:110:24 | [MethodCallExpr] arr8_spread.pop() | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:110:8:110:24 | [MethodCallExpr] arr8_spread.pop() | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... llback) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:112:8:112:33 | [MethodCallExpr] arr.fin ... 
llback) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:112:21:112:32 | [VarRef] someCallback | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:112:21:112:32 | [VarRef] someCallback | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:116:35:116:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:116:50:116:53 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:116:50:116:53 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:117:10:117:16 | [VarRef] element | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:117:10:117:16 | [VarRef] element | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:122:31:122:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:122:46:122:49 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:122:46:122:49 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:123:10:123:16 | [VarRef] element | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:123:10:123:16 | [VarRef] element | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:128:40:128:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:128:55:128:58 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:128:55:128:58 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | 
arrays.js:129:10:129:16 | [VarRef] element | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:129:10:129:16 | [VarRef] element | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:133:31:133:50 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:133:46:133:49 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:133:46:133:49 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:134:10:134:17 | [VarRef] element1 | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:134:10:134:17 | [VarRef] element1 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:139:35:139:54 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:139:50:139:53 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:139:50:139:53 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:140:10:140:17 | [VarRef] element1 | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:140:10:140:17 | [VarRef] element1 | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:145:40:145:59 | [ArrowFunctionExpr] (item) => sink(item) | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:145:55:145:58 | [VarRef] item | semmle.label | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:145:55:145:58 | [VarRef] item | semmle.order | 0 | +| file://:0:0:0:0 | (Arguments) | arrays.js:146:10:146:17 | [VarRef] element1 | semmle.label | 0 | +| file://:0:0:0:0 | 
(Arguments) | arrays.js:146:10:146:17 | [VarRef] element1 | semmle.order | 0 | | file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.label | 0 | | file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.order | 0 | | file://:0:0:0:0 | (Parameters) | arrays.js:16:12:16:12 | [SimpleParameter] e | semmle.label | 0 | 
@@ -2134,21 +2170,21 @@ edges | file://:0:0:0:0 | (Parameters) | arrays.js:53:26:53:26 | [SimpleParameter] i | semmle.order | 1 | | file://:0:0:0:0 | (Parameters) | arrays.js:53:29:53:31 | [SimpleParameter] ary | semmle.label | 2 | | file://:0:0:0:0 | (Parameters) | arrays.js:53:29:53:31 | [SimpleParameter] ary | semmle.order | 2 | -| file://:0:0:0:0 | (Parameters) | arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.order | 0 | | file://:0:0:0:0 | (Parameters) | arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.label | 0 | | file://:0:0:0:0 | (Parameters) | arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:115:36:115:39 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:115:36:115:39 | [SimpleParameter] item | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:121:32:121:35 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:121:32:121:35 | [SimpleParameter] item | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:127:41:127:44 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:127:41:127:44 | [SimpleParameter] item | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:132:32:132:35 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:132:32:132:35 | [SimpleParameter] item | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:138:36:138:39 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:138:36:138:39 | [SimpleParameter] item | semmle.order | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:144:41:144:44 | [SimpleParameter] item | semmle.label | 0 | -| file://:0:0:0:0 | (Parameters) | arrays.js:144:41:144:44 | [SimpleParameter] item | 
semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:116:36:116:39 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:116:36:116:39 | [SimpleParameter] item | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:122:32:122:35 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:122:32:122:35 | [SimpleParameter] item | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:128:41:128:44 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:128:41:128:44 | [SimpleParameter] item | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:133:32:133:35 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:133:32:133:35 | [SimpleParameter] item | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:139:36:139:39 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:139:36:139:39 | [SimpleParameter] item | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:145:41:145:44 | [SimpleParameter] item | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | arrays.js:145:41:145:44 | [SimpleParameter] item | semmle.order | 0 | graphProperties | semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected index 437c60684f8..ef95465e01a 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected 
@@ -1,3 +1,5 @@ -| tst.js:4:10:4:10 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:9:14:9:14 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:12:10:12:10 | x | tst.js:2:13:2:20 | SOURCE() | +legacyDataFlowDifference +flow +| tst.js:2:13:2:20 | SOURCE() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:9:14:9:14 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:12:10:12:10 | x | diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql index 595d7797d36..26727608775 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql 
@@ -1,33 +1,50 @@ import javascript -class Configuration extends DataFlow::Configuration { - Configuration() { this = "SimpleBarrierGuard" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::InvokeNode).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::InvokeNode call | call.getCalleeName() = "SINK" and sink = call.getArgument(0) ) } - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof SimpleBarrierGuardNode + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } -class SimpleBarrierGuardNode extends DataFlow::BarrierGuardNode, DataFlow::InvokeNode { +module TestFlow = DataFlow::Global; + +class SimpleBarrierGuardNode extends DataFlow::InvokeNode { SimpleBarrierGuardNode() { this.getCalleeName() = "BARRIER" } - override predicate blocks(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from Configuration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) -select sink, source +deprecated class SimpleBarrierGuardNodeLegacy extends DataFlow::BarrierGuardNode instanceof SimpleBarrierGuardNode +{ + override predicate blocks(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } +} + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof SimpleBarrierGuardNodeLegacy + } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate 
flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Classes/tests.expected b/javascript/ql/test/library-tests/Classes/tests.expected index 1d4cce399de..aadd449349c 100644 --- a/javascript/ql/test/library-tests/Classes/tests.expected +++ b/javascript/ql/test/library-tests/Classes/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference test_FieldInits | dataflow.js:5:3:5:17 | #priv = source; | dataflow.js:5:11:5:16 | source | | fields.js:3:3:3:8 | y = 42 | fields.js:3:7:3:8 | 42 | @@ -287,9 +288,6 @@ getAccessModifier | tst.js:12:3:12:8 | m() {} | tst.js:12:3:12:3 | m | Public | | tst.js:13:3:13:10 | [m]() {} | tst.js:13:4:13:4 | m | Public | | tst.js:17:3:17:20 | m() { return 42; } | tst.js:17:3:17:3 | m | Public | -dataflow -| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | -| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | staticInitializer | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:6:10:8:3 | {\\n M ... 3;\\n } | | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:15:10:17:3 | {\\n t ... 6;\\n } | @@ -312,3 +310,6 @@ privateIdentifier | privateFields.js:37:12:37:17 | #brand | | privateFields.js:37:29:37:35 | #method | | privateFields.js:37:47:37:53 | #getter | +dataflow +| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | +| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | diff --git a/javascript/ql/test/library-tests/Classes/tests.ql b/javascript/ql/test/library-tests/Classes/tests.ql index cd236367152..2fec85f768c 100644 --- a/javascript/ql/test/library-tests/Classes/tests.ql +++ b/javascript/ql/test/library-tests/Classes/tests.ql 
@@ -57,22 +57,30 @@ query string getAccessModifier(DataFlow::PropRef ref, Expr prop) { if ref.isPrivateField() then result = "Private" else result = "Public" } -class Configuration extends DataFlow::Configuration { - Configuration() { this = "ClassDataFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().(StringLiteral).getValue().toLowerCase() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate dataflow(DataFlow::Node pred, DataFlow::Node succ) { - any(Configuration c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataflow = TestFlow::flow/2; + query BlockStmt staticInitializer(ClassDefinition cd) { result = cd.getAStaticInitializerBlock() } query Identifier privateIdentifier() { result.getName().matches("#%") } diff --git a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql index 2c56d41ab4d..ac213ba2624 100644 --- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql +++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql 
@@ -1,6 +1,7 @@ import javascript -class Configuration extends TaintTracking::Configuration { +// Note: this test has not been ported to ConfigSig, because isAdditionalLoadStep has no equivalent there +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PromiseFlowTestingConfig" } override predicate isSource(DataFlow::Node source) { @@ -33,6 +34,6 @@ class Configuration extends TaintTracking::Configuration { } } -from DataFlow::Node pred, DataFlow::Node succ, Configuration cfg -where cfg.hasFlow(pred, succ) -select pred, succ +deprecated query predicate flow(DataFlow::Node source, DataFlow::Node sink) { + any(Configuration cfg).hasFlow(source, sink) +} diff --git a/javascript/ql/test/library-tests/DataFlow/tests.expected b/javascript/ql/test/library-tests/DataFlow/tests.expected index d4c55bdd8a1..3637927d0e2 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.expected +++ b/javascript/ql/test/library-tests/DataFlow/tests.expected 
@@ -15,13 +15,14 @@ basicBlock | arguments.js:1:1:12:4 | (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:1:12:4 | exceptional return of (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:1:1 | this | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | -| arguments.js:1:2:12:1 | 'arguments' object of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | +| arguments.js:1:2:12:1 | [function self-reference] functio ... , 3);\\n} | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | exceptional return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | functio ... , 3);\\n} | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:12:1 | return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:2:4 | this | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:2:5 | arguments | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | 'arguments' object of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | +| arguments.js:2:5:10:5 | [function self-reference] functio ... ;\\n } | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | exceptional return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | functio ... ;\\n } | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:10:5 | return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | 
@@ -68,7 +69,7 @@ basicBlock | arguments.js:11:13:11:13 | 3 | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | -| eval.js:1:1:5:1 | 'arguments' object of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | +| eval.js:1:1:5:1 | [function self-reference] functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | exceptional return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:5:1 | return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | @@ -88,7 +89,7 @@ basicBlock | sources.js:1:5:1:12 | (x => x) | sources.js:1:1:1:0 | entry node of | | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | -| sources.js:1:6:1:11 | 'arguments' object of anonymous function | sources.js:1:6:1:5 | entry node of x => x | +| sources.js:1:6:1:11 | [function self-reference] x => x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | exceptional return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | x => x | sources.js:1:1:1:0 | entry node of | 
@@ -97,7 +98,7 @@ basicBlock | sources.js:3:1:5:6 | (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of | | sources.js:3:1:5:6 | exceptional return of (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:3:1 | this | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | -| sources.js:3:2:5:1 | 'arguments' object of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | +| sources.js:3:2:5:1 | [function self-reference] functio ... x+19;\\n} | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | exceptional return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | functio ... x+19;\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:5:1 | return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | @@ -109,7 +110,7 @@ basicBlock | sources.js:5:4:5:5 | 23 | sources.js:1:1:1:0 | entry node of | | sources.js:7:1:7:3 | /x/ | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:9:0 | this | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | -| sources.js:9:1:12:1 | 'arguments' object of function foo | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | +| sources.js:9:1:12:1 | [function self-reference] functio ... ey; }\\n} | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | exceptional return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | functio ... ey; }\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:12:1 | return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | 
@@ -146,7 +147,7 @@ basicBlock | tst2.ts:4:3:4:3 | x | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:7:1:7:0 | A | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:7:0 | this | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | -| tst2.ts:7:1:9:1 | 'arguments' object of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | +| tst2.ts:7:1:9:1 | [function self-reference] functio ... = 23;\\n} | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | exceptional return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | functio ... = 23;\\n} | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:7:1:9:1 | return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | @@ -167,9 +168,9 @@ basicBlock | tst2.ts:13:7:13:16 | StringList | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:13:26:13:29 | List | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:13:26:13:37 | List | tst2.ts:1:1:1:0 | entry node of | -| tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | (...arg ... rgs); } | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:13:39:13:38 | ...args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | +| tst2.ts:13:39:13:38 | [function self-reference] (...arg ... rgs); } | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | 
@@ -235,7 +236,7 @@ basicBlock | tst.js:16:1:20:9 | (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:1:20:9 | exceptional return of (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:16:1 | this | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | -| tst.js:16:2:20:1 | 'arguments' object of function f | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | +| tst.js:16:2:20:1 | [function self-reference] functio ... n "";\\n} | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | | tst.js:16:2:20:1 | exceptional return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | | tst.js:16:2:20:1 | functio ... n "";\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:20:1 | return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | 
@@ -269,14 +270,14 @@ basicBlock | tst.js:28:1:30:3 | (() =>\\n ... les\\n)() | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:28:1:30:3 | exceptional return of (() =>\\n ... les\\n)() | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:28:2:28:1 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | -| tst.js:28:2:29:3 | 'arguments' object of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | () =>\\n x | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:28:2:29:3 | [function self-reference] () =>\\n x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | exceptional return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:29:3:29:3 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:32:1:32:0 | this | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:32:0 | x | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | -| tst.js:32:1:34:1 | 'arguments' object of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | +| tst.js:32:1:34:1 | [function self-reference] functio ... ables\\n} | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | exceptional return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | functio ... ables\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:32:1:34:1 | return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | 
@@ -300,8 +301,8 @@ basicBlock | tst.js:39:3:41:3 | m() {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:39:3:41:3 | m() {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:39:4:39:3 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | -| tst.js:39:4:41:3 | 'arguments' object of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | () {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:39:4:41:3 | [function self-reference] () {\\n this;\\n } | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | exceptional return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:40:5:40:8 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | @@ -325,8 +326,8 @@ basicBlock | tst.js:50:3:53:3 | constru ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:50:3:53:3 | constru ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:50:14:50:13 | this | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | -| tst.js:50:14:53:3 | 'arguments' object of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | () {\\n ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:50:14:53:3 | [function self-reference] () {\\n ... et`\\n } | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | exceptional return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:51:5:51:9 | super | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | 
@@ -352,7 +353,7 @@ basicBlock | tst.js:62:1:62:4 | o::g | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:62:4:62:4 | g | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:64:0 | this | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | -| tst.js:64:1:67:1 | 'arguments' object of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | +| tst.js:64:1:67:1 | [function self-reference] functio ... lysed\\n} | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | exceptional return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:67:1 | return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | @@ -376,7 +377,7 @@ basicBlock | tst.js:69:6:69:9 | next | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:69:11:69:12 | 23 | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:71:0 | this | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | -| tst.js:71:1:73:1 | 'arguments' object of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | +| tst.js:71:1:73:1 | [function self-reference] async f ... lysed\\n} | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | async f ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:73:1 | exceptional return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | 
@@ -419,7 +420,7 @@ basicBlock | tst.js:87:1:96:2 | (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:1:96:2 | exceptional return of (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:87:1 | this | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | -| tst.js:87:2:92:1 | 'arguments' object of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | +| tst.js:87:2:92:1 | [function self-reference] functio ... + z;\\n} | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | exceptional return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:92:1 | return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | @@ -473,7 +474,7 @@ basicBlock | tst.js:98:1:103:17 | (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:1:103:17 | exceptional return of (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:98:1 | this | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | -| tst.js:98:2:103:1 | 'arguments' object of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | +| tst.js:98:2:103:1 | [function self-reference] functio ... + z;\\n} | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | exceptional return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:103:1 | return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | 
@@ -515,7 +516,7 @@ basicBlock | tst.js:105:6:105:6 | y | tst.js:105:6:105:6 | y | | tst.js:107:1:113:2 | (functi ... v2c;\\n}) | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:107:1 | this | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | -| tst.js:107:2:113:1 | 'arguments' object of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | +| tst.js:107:2:113:1 | [function self-reference] functio ... v2c;\\n} | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | exceptional return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | functio ... v2c;\\n} | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:113:1 | return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | @@ -998,6 +999,7 @@ flowStep | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | +| tst2.ts:13:39:13:38 | this | tst2.ts:13:39:13:38 | implicit 'this' | | tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number | | tst.js:1:1:1:1 | x | tst.js:3:5:3:5 | x | | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs | @@ -1078,6 +1080,7 @@ flowStep | tst.js:46:10:46:11 | "" | tst.js:46:1:46:11 | global = "" | | tst.js:49:1:54:1 | A | tst.js:55:1:55:1 | A | | tst.js:49:1:54:1 | class A ... `\\n }\\n} | tst.js:49:1:54:1 | A | +| tst.js:50:14:50:13 | this | tst.js:51:5:51:9 | implicit 'this' | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:64:11:64:11 | h | | tst.js:64:11:64:11 | h | tst.js:68:12:68:12 | h | | tst.js:68:5:68:14 | iter | tst.js:69:1:69:4 | iter | 
@@ -1184,6 +1187,7 @@ getImmediatePredecessor | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | +| tst2.ts:13:39:13:38 | this | tst2.ts:13:39:13:38 | implicit 'this' | | tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number | | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs | | tst.js:1:10:1:11 | fs | tst.js:7:1:7:2 | fs | @@ -1246,6 +1250,7 @@ getImmediatePredecessor | tst.js:46:10:46:11 | "" | tst.js:46:1:46:11 | global = "" | | tst.js:49:1:54:1 | A | tst.js:55:1:55:1 | A | | tst.js:49:1:54:1 | class A ... `\\n }\\n} | tst.js:49:1:54:1 | A | +| tst.js:50:14:50:13 | this | tst.js:51:5:51:9 | implicit 'this' | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:64:11:64:11 | h | | tst.js:64:11:64:11 | h | tst.js:68:12:68:12 | h | | tst.js:68:5:68:14 | iter | tst.js:69:1:69:4 | iter | @@ -1442,7 +1447,6 @@ incomplete | tst.js:117:10:117:24 | exceptional return of Object.seal(x1) | call | | tst.js:117:22:117:23 | x1 | global | noBasicBlock -| file://:0:0:0:0 | global access path | | tst.js:1:10:1:11 | fs | | tst.js:1:10:1:11 | fs | | tst.js:1:20:1:23 | 'fs' | @@ -1460,7 +1464,6 @@ sources | arguments.js:1:1:1:0 | this | | arguments.js:1:1:12:4 | (functi ... );\\n})() | | arguments.js:1:2:1:1 | this | -| arguments.js:1:2:12:1 | 'arguments' object of anonymous function | | arguments.js:1:2:12:1 | functio ... , 3);\\n} | | arguments.js:1:2:12:1 | return of anonymous function | | arguments.js:2:5:2:4 | this | @@ -1476,7 +1479,6 @@ sources | arguments.js:11:5:11:14 | f(1, 2, 3) | | eval.js:1:1:1:0 | this | | eval.js:1:1:1:0 | this | -| eval.js:1:1:5:1 | 'arguments' object of function k | | eval.js:1:1:5:1 | functio ... eval`\\n} | | eval.js:1:1:5:1 | return of function k | | eval.js:3:3:3:6 | eval | 
@@ -1486,18 +1488,15 @@ sources | sources.js:1:1:1:0 | this | | sources.js:1:1:1:12 | new (x => x) | | sources.js:1:6:1:6 | x | -| sources.js:1:6:1:11 | 'arguments' object of anonymous function | | sources.js:1:6:1:11 | return of anonymous function | | sources.js:1:6:1:11 | x => x | | sources.js:3:1:5:6 | (functi ... \\n})(23) | | sources.js:3:2:3:1 | this | -| sources.js:3:2:5:1 | 'arguments' object of anonymous function | | sources.js:3:2:5:1 | functio ... x+19;\\n} | | sources.js:3:2:5:1 | return of anonymous function | | sources.js:3:11:3:11 | x | | sources.js:7:1:7:3 | /x/ | | sources.js:9:1:9:0 | this | -| sources.js:9:1:12:1 | 'arguments' object of function foo | | sources.js:9:1:12:1 | functio ... ey; }\\n} | | sources.js:9:1:12:1 | return of function foo | | sources.js:9:14:9:18 | array | @@ -1507,14 +1506,12 @@ sources | tst2.ts:1:1:1:0 | this | | tst2.ts:3:3:3:8 | setX() | | tst2.ts:7:1:7:0 | this | -| tst2.ts:7:1:9:1 | 'arguments' object of function setX | | tst2.ts:7:1:9:1 | functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | return of function setX | | tst2.ts:8:3:8:5 | A.x | | tst2.ts:11:11:11:13 | A.x | | tst2.ts:13:1:13:40 | class S ... ing> {} | | tst2.ts:13:26:13:29 | List | -| tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList | | tst2.ts:13:39:13:38 | (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | | tst2.ts:13:39:13:38 | return of default constructor of class StringList | @@ -1528,7 +1525,6 @@ sources | tst.js:4:9:4:12 | "hi" | | tst.js:16:1:20:9 | (functi ... ("arg") | | tst.js:16:2:16:1 | this | -| tst.js:16:2:20:1 | 'arguments' object of function f | | tst.js:16:2:20:1 | functio ... n "";\\n} | | tst.js:16:2:20:1 | return of function f | | tst.js:16:13:16:13 | a | 
@@ -1539,18 +1535,15 @@ sources | tst.js:20:4:20:8 | "arg" | | tst.js:22:7:22:18 | readFileSync | | tst.js:28:1:30:3 | (() =>\\n ... les\\n)() | -| tst.js:28:2:29:3 | 'arguments' object of anonymous function | | tst.js:28:2:29:3 | () =>\\n x | | tst.js:28:2:29:3 | return of anonymous function | | tst.js:32:1:32:0 | this | -| tst.js:32:1:34:1 | 'arguments' object of function g | | tst.js:32:1:34:1 | functio ... ables\\n} | | tst.js:32:1:34:1 | return of function g | | tst.js:32:12:32:12 | b | | tst.js:35:1:35:7 | g(true) | | tst.js:37:9:42:1 | {\\n x: ... ;\\n }\\n} | | tst.js:39:4:39:3 | this | -| tst.js:39:4:41:3 | 'arguments' object of method m | | tst.js:39:4:41:3 | () {\\n this;\\n } | | tst.js:39:4:41:3 | return of method m | | tst.js:43:1:43:3 | o.x | @@ -1562,7 +1555,6 @@ sources | tst.js:49:1:54:1 | class A ... `\\n }\\n} | | tst.js:49:17:49:17 | B | | tst.js:50:14:50:13 | this | -| tst.js:50:14:53:3 | 'arguments' object of constructor of class A | | tst.js:50:14:53:3 | () {\\n ... et`\\n } | | tst.js:50:14:53:3 | return of constructor of class A | | tst.js:51:5:51:13 | super(42) | @@ -1572,7 +1564,6 @@ sources | tst.js:61:3:61:5 | o.m | | tst.js:62:1:62:4 | o::g | | tst.js:64:1:64:0 | this | -| tst.js:64:1:67:1 | 'arguments' object of function h | | tst.js:64:1:67:1 | functio ... lysed\\n} | | tst.js:64:1:67:1 | return of function h | | tst.js:65:3:65:10 | yield 42 | @@ -1581,7 +1572,6 @@ sources | tst.js:69:1:69:9 | iter.next | | tst.js:69:1:69:13 | iter.next(23) | | tst.js:71:1:71:0 | this | -| tst.js:71:1:73:1 | 'arguments' object of function k | | tst.js:71:1:73:1 | async f ... lysed\\n} | | tst.js:71:1:73:1 | return of function k | | tst.js:72:3:72:11 | await p() | 
@@ -1594,7 +1584,6 @@ sources | tst.js:85:11:85:28 | ( for (v of o) v ) | | tst.js:87:1:96:2 | (functi ... r: 0\\n}) | | tst.js:87:2:87:1 | this | -| tst.js:87:2:92:1 | 'arguments' object of anonymous function | | tst.js:87:2:92:1 | functio ... + z;\\n} | | tst.js:87:2:92:1 | return of anonymous function | | tst.js:87:11:87:24 | { p: x, ...o } | @@ -1605,7 +1594,6 @@ sources | tst.js:92:4:96:1 | {\\n p: ... r: 0\\n} | | tst.js:98:1:103:17 | (functi ... 3, 0 ]) | | tst.js:98:2:98:1 | this | -| tst.js:98:2:103:1 | 'arguments' object of anonymous function | | tst.js:98:2:103:1 | functio ... + z;\\n} | | tst.js:98:2:103:1 | return of anonymous function | | tst.js:98:11:98:24 | [ x, ...rest ] | @@ -1615,7 +1603,6 @@ sources | tst.js:101:7:101:7 | z | | tst.js:103:4:103:16 | [ 19, 23, 0 ] | | tst.js:107:2:107:1 | this | -| tst.js:107:2:113:1 | 'arguments' object of anonymous function | | tst.js:107:2:113:1 | functio ... v2c;\\n} | | tst.js:107:2:113:1 | return of anonymous function | | tst.js:108:7:108:9 | v1a | diff --git a/javascript/ql/test/library-tests/DataFlow/tests.ql b/javascript/ql/test/library-tests/DataFlow/tests.ql index 14a3635b534..8fd5fd694a1 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.ql +++ b/javascript/ql/test/library-tests/DataFlow/tests.ql @@ -23,7 +23,10 @@ query predicate incomplete(DataFlow::Node dfn, DataFlow::Incompleteness cause) { dfn.isIncomplete(cause) } -query predicate noBasicBlock(DataFlow::Node node) { not exists(node.getBasicBlock()) } +query predicate noBasicBlock(DataFlow::Node node) { + (node instanceof DataFlow::ValueNode or node instanceof DataFlow::SsaDefinitionNode) and + not exists(node.getBasicBlock()) +} query predicate parameters(DataFlow::ParameterNode param) { any() } diff --git a/javascript/ql/test/library-tests/FlowLabels/DefaultFlowLabels.ql b/javascript/ql/test/library-tests/FlowLabels/DefaultFlowLabels.ql index 026933fc123..c1a8739afdd 100644 
--- a/javascript/ql/test/library-tests/FlowLabels/DefaultFlowLabels.ql +++ b/javascript/ql/test/library-tests/FlowLabels/DefaultFlowLabels.ql @@ -1,3 +1,6 @@ +// Delete test when FlowLabel has been removed +deprecated module; + import javascript // Check which flow labels are materialized by importing `javascript.qll`. diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected new file mode 100644 index 00000000000..35f4edcf1fb --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected @@ -0,0 +1,17 @@ +uniqueToString +uniqueEnclosingCallable +uniqueDominator +localDominator +localSuccessor +uniqueDefiningScope +variableIsCaptured +uniqueLocation +uniqueCfgNode +uniqueWriteTarget +uniqueWriteCfgNode +uniqueReadVariable +closureMustHaveBody +closureAliasMustBeInSameScope +variableAccessAstNesting +uniqueCallableLocation +consistencyOverview diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql new file mode 100644 index 00000000000..1134eee1f2b --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql @@ -0,0 +1 @@ +import semmle.javascript.dataflow.internal.VariableCapture::VariableCaptureOutput::ConsistencyChecks diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected new file mode 100644 index 00000000000..da22cf7e778 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected 
@@ -0,0 +1,201 @@ +uniqueEnclosingCallable +uniqueCallEnclosingCallable +uniqueType +uniqueNodeLocation +missingLocation +uniqueNodeToString +parameterCallable +localFlowIsLocal +readStepIsLocal +storeStepIsLocal +compatibleTypesReflexive +unreachableNodeCCtx +localCallNodes +postIsNotPre +postHasUniquePre +uniquePostUpdate +postIsInSameCallable +reverseRead +| tst.js:109:11:113:3 | [dynamic parameter array] | Origin of readStep is missing a PostUpdateNode. | +| tst.js:267:28:267:31 | map3 | Origin of readStep is missing a PostUpdateNode. | +argHasPostUpdate +postWithInFlow +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array method with flow into callback | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#filter | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#find / Array#findLast | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#flatMap | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[2] in 'array.prototype.find' / 'array-find' | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[2] in Array.from(arg, callback, [thisArg]) | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#flatMap | PostUpdateNode should not be the target of local flow. 
| +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +viableImplInCallContextTooLarge +uniqueParameterNodeAtPosition +uniqueParameterNodePosition +uniqueContentApprox +identityLocalStep +missingArgumentCall +multipleArgumentCall +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:41 | flowInt ... ()).pop (as accessor call) | Multiple calls for argument node. | +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:43 | flowInt ... ).pop() | Multiple calls for argument node. | +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:49 | Math.random (as accessor call) | Multiple calls for argument node. | +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:51 | Math.random() | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:67 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. 
| +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:65 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:54 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:67 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:74 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:53 | Promise ... 
)).then (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:74 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:51 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:67 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:66 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:69 | Promise ... "safe") | Multiple calls for argument node. 
| +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:52 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:64 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... urce()) | tst.js:69:25:69:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... urce()) | tst.js:69:25:69:66 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:72 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:84 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:56 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:70 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... "safe") | tst.js:71:25:71:76 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... 
"safe") | tst.js:71:25:71:88 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:57 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:71 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:76 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:88 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:54 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:80 | Promise ... ce() }) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:86 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:98 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:9 | Promise ... 
.then (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:35 | Promise ... e(); }) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:77:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:79:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:35 | Promise ... e(); }) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:22 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:84:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:86:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:32 | flowInt ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:54 | flowInt ... value)) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:58 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:72 | new Pro ... 
ink(x)) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:59 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:77 | new Pro ... k(err)) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:57 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:71 | new Pro ... ink(x)) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:58 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:76 | new Pro ... k(err)) | Multiple calls for argument node. | +| tst.js:105:3:105:9 | Promise | tst.js:105:3:105:13 | Promise.all (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:105:9 | Promise | tst.js:105:3:109:4 | Promise ... e"\\n ]) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:109:9 | Promise ... ]).then (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:113:4 | Promise ... OK\\n }) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:33 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:38 | Promise.resolve(obj) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:12 | array.push (as accessor call) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:38 | array.p ... urce()) | Multiple calls for argument node. | +| tst.js:210:8:210:12 | array | tst.js:210:8:210:16 | array.pop (as accessor call) | Multiple calls for argument node. 
| +| tst.js:210:8:210:12 | array | tst.js:210:8:210:18 | array.pop() | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:23 | array2. ... urce()) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:21 | array2.push("safe") | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:21 | array2.push("safe") | Multiple calls for argument node. | +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:16 | array2.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:30 | array2. ... ink(x)) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:13 | array3.push (as accessor call) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:28 | array3. ... rce()]) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:16 | array3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:30 | array3. ... ink(x)) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:37 | Array.p ... ce.call (as accessor call) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. 
| +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:17 | array4.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:19 | array4.pop() | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:20 | [source()].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:68 | [source ... p()) }) | Multiple calls for argument node. | +| tst.js:226:54:226:58 | array | tst.js:226:54:226:62 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:226:54:226:58 | array | tst.js:226:54:226:64 | array.pop() | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:16 | array5.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:64 | array5. ... p()) }) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:58 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:60 | array.pop() | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:18 | ["safe"].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:66 | ["safe" ... p()) }) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:60 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:62 | array.pop() | Multiple calls for argument node. 
| +| tst.js:251:3:251:5 | map | tst.js:251:3:251:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:251:3:251:5 | map | tst.js:251:3:251:26 | map.set ... urce()) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:24 | map.set ... 'safe') | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:21 | map.get('foo') | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:21 | map.get('bar') | Multiple calls for argument node. | +| tst.js:256:8:256:10 | map | tst.js:256:8:256:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:256:8:256:10 | map | tst.js:256:8:256:27 | map.get(getUnkown()) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:10 | map2.set (as accessor call) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:33 | map2.se ... urce()) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:22 | map2.get('foo') | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:22 | map2.get('bar') | Multiple calls for argument node. | +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:15 | map2.get (as accessor call) | Multiple calls for argument node. 
| +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:28 | map2.ge ... kown()) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:10 | map3.set (as accessor call) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:27 | map3.se ... urce()) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:14 | map3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:36 | map3.fo ... value)) | Multiple calls for argument node. | +lambdaCallEnclosingCallableMismatch +speculativeStepAlreadyHasModel diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql new file mode 100644 index 00000000000..02dd5540b6f --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql @@ -0,0 +1,2 @@ +import javascript +import semmle.javascript.dataflow.internal.DataFlowImplConsistency::Consistency diff --git a/javascript/ql/test/library-tests/FlowSummary/test.expected b/javascript/ql/test/library-tests/FlowSummary/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/javascript/ql/test/library-tests/FlowSummary/test.ql b/javascript/ql/test/library-tests/FlowSummary/test.ql new file mode 100644 index 00000000000..e8ca23a423c --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/test.ql 
@@ -0,0 +1,36 @@ +import javascript +deprecated import utils.test.ConsistencyChecking +import utils.test.InlineSummaries + +DataFlow::CallNode getACall(string name) { + result.getCalleeName() = name + or + result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name) +} + +module ConfigArg implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } + + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + + predicate isBarrier(DataFlow::Node node) { + node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } +} + +module Configuration = DataFlow::Global; + +class BasicBarrierGuard extends DataFlow::CallNode { + BasicBarrierGuard() { this = getACall("isSafe") } + + predicate blocksExpr(boolean outcome, Expr e) { + outcome = true and e = this.getArgument(0).asExpr() + } +} + +deprecated class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { Configuration::flow(_, result) } +} diff --git a/javascript/ql/test/library-tests/FlowSummary/tst.js b/javascript/ql/test/library-tests/FlowSummary/tst.js new file mode 100644 index 00000000000..f3bf8513840 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/tst.js 
@@ -0,0 +1,301 @@ +function m1() { + const flowThrough = mkSummary("Argument[0]", "ReturnValue"); + sink(flowThrough(source())); // NOT OK + sink(flowThrough(source() + "x")); // OK - we are not tracking taint in this test + sink(flowThrough("x")); // OK +} + +function m2() { + const flowIntoProp = mkSummary("Argument[0]", "ReturnValue.Member[prop]"); + sink(flowIntoProp(source()).prop); // NOT OK + sink(flowIntoProp(source()).prop2); // OK + sink(flowIntoProp(source())); // OK +} + +function m3() { + const flowOutOfProp = mkSummary("Argument[0].Member[prop]", "ReturnValue"); + sink(flowOutOfProp({ prop: source() })); // NOT OK + sink(flowOutOfProp({ prop2: source() })); // OK + sink(flowOutOfProp(source())); // OK + + const obj = {}; + obj.prop = source(); + sink(flowOutOfProp(obj)); // NOT OK + sink(obj); // OK + sink(obj.prop); // NOT OK +} + +function m4() { + const flowIntoArrayElement = mkSummary("Argument[0]", "ReturnValue.ArrayElement"); + sink(flowIntoArrayElement(source()).pop()); // NOT OK + sink(flowIntoArrayElement(source())[0]); // NOT OK + sink(flowIntoArrayElement(source())[Math.random()]); // NOT OK + sink(flowIntoArrayElement(source()).prop); // OK +} + +function m5() { + const flowOutOfInnerCallback = mkSummary("Argument[0].Parameter[0].Argument[0]", "ReturnValue"); + sink(flowOutOfInnerCallback(cb => { cb(source()); })); // NOT OK [INCONSISTENCY] +} + +async function m6() { + const flowOutOfPromise = mkSummary("Argument[0].Awaited", "ReturnValue"); + const flowIntoPromise = mkSummary("Argument[0]", "ReturnValue.Awaited"); + + sink(flowOutOfPromise(flowIntoPromise(source()))); // NOT OK (although the synchronous flow is technically not possible) + + let data = { prop: source() }; + sink(flowOutOfPromise(flowIntoPromise(data)).prop); // NOT OK + sink(flowOutOfPromise(flowIntoPromise(flowIntoPromise(data))).prop); // NOT OK + sink(flowOutOfPromise(flowOutOfPromise(flowIntoPromise(data))).prop); // NOT OK + sink(flowOutOfPromise(data).prop); // NOT 
OK - because Awaited allows pass-through of a non-promise value + sink(flowIntoPromise(data).prop); // OK - promise object does not have the 'prop' property + + sink(flowOutOfPromise(Promise.resolve(source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => "safe"))); // OK + sink(flowOutOfPromise(Promise.resolve(source()).then(x => "safe"))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe", y => y))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => x, y => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").then(x => x, y => y))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").catch(err => err))); // OK + + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe").catch(err => err))); // NOT OK + + sink(flowOutOfPromise(Promise.reject(source()).finally(() => "safe").catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.resolve(source()).finally(() => "safe").then(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject("safe").finally(() => { throw source() }).catch(err => err))); // NOT OK + + Promise.resolve("safe") + .then(x => { throw source(); }) + .catch(err => { + sink(err); // NOT OK + }); + + Promise.resolve("safe") + .then(x => { throw source(); }) + .then(x => "safe") + .catch(err => { + sink(err); // NOT OK + }); + + sink(await flowIntoPromise(source())); // NOT OK + flowIntoPromise(source()).then(value => sink(value)); // NOT OK + sink(await flowIntoPromise(flowIntoPromise(source()))); // NOT OK + + async function makePromise() { + return source(); + } + sink(flowOutOfPromise(makePromise())); 
// NOT OK + + let taintedPromise = new Promise((resolve, reject) => resolve(source())); + sink(flowOutOfPromise(taintedPromise)); // NOT OK + + new Promise((resolve, reject) => resolve(source())).then(x => sink(x)); // NOT OK + new Promise((resolve, reject) => resolve(source())).catch(err => sink(err)); // OK + new Promise((resolve, reject) => reject(source())).then(x => sink(x)); // OK + new Promise((resolve, reject) => reject(source())).catch(err => sink(err)); // NOT OK + + Promise.all([ + flowIntoPromise(source()), + source(), + "safe" + ]).then(([x1, x2, x3]) => { + sink(x1); // NOT OK + sink(x2); // NOT OK + sink(x3); // OK + }); +} + +function m8() { + const flowOutOfCallback = mkSummary("Argument[0].ReturnValue", "ReturnValue"); + + sink(flowOutOfCallback(() => source())); // NOT OK + sink(flowOutOfCallback((source))); // OK + + function sourceCallback() { + return source(); + } + sink(flowOutOfCallback(sourceCallback)); // NOT OK +} + +function m9() { + const flowIntoCallback = mkSummary("Argument[0]", "Argument[1].Parameter[0]"); + + sink(flowIntoCallback(source(), x => sink(x))); // NOT OK + sink(flowIntoCallback("safe", x => sink(x))); // OK + sink(flowIntoCallback(source(), x => ignore(x))); // OK + sink(flowIntoCallback("safe", x => ignore(x))); // OK +} + +function m10() { + const flowThroughCallback = mkSummary([ + ["Argument[0]", "Argument[1].Parameter[0]"], + ["Argument[1].ReturnValue", "ReturnValue"] + ]); + + sink(flowThroughCallback(source(), x => x)); // NOT OK + sink(flowThroughCallback(source(), x => "safe")); // OK + sink(flowThroughCallback("safe", x => x)); // OK + sink(flowThroughCallback("safe", x => "safe")); // OK +} + +function m11() { + const flowFromSideEffectOnParameter = mkSummary("Argument[0].Parameter[0].Member[prop]", "ReturnValue"); + + let data = flowFromSideEffectOnParameter(param => { + param.prop = source(); + }); + sink(data); // NOT OK + + function manullyWritten(param) { + param.prop = source(); + } + let obj = {}; + 
manullyWritten(obj); + sink(obj.prop); // NOT OK +} + +async function m13() { + async function testStoreBack(x) { + (await x).prop = source(); + } + const obj = {}; + const promise = Promise.resolve(obj); + testStoreBack(promise); + sink(obj.prop); // NOT OK [INCONSISTENCY] + sink(promise.prop); // OK [INCONSISTENCY] + sink((await promise).prop); // NOT OK + + const obj2 = {}; + testStoreBack(obj2); + sink(obj2.prop);; // NOT OK +} + +function m14() { + const flowOutOfAnyArgument = mkSummary("Argument[0..]", "ReturnValue"); + sink(flowOutOfAnyArgument(source())); // NOT OK + sink(flowOutOfAnyArgument(source(), "safe", "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", "safe")); // OK + + const flowOutOfAnyArgumentExceptFirst = mkSummary("Argument[1..]", "ReturnValue"); + sink(flowOutOfAnyArgumentExceptFirst(source())); // OK + sink(flowOutOfAnyArgumentExceptFirst(source(), "safe", "safe")); // OK + sink(flowOutOfAnyArgumentExceptFirst("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", "safe")); // OK + + const flowIntoAnyParameter = mkSummary("Argument[0]", "Argument[1].Parameter[0..]"); + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x1)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x3)); // NOT OK + + const flowIntoAnyParameterExceptFirst = mkSummary("Argument[0]", "Argument[1].Parameter[1..]"); + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x1)); // OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x3)); // NOT OK +} + +function m15() { + const array = []; + array.push("safe", "safe", 
source()); + sink(array.pop()); // NOT OK + + const array2 = []; + array2.push(source()); + array2.push("safe"); + array2.push("safe"); + array2.forEach(x => sink(x)); // NOT OK + + const array3 = []; + array3.push(...[source()]); + array3.forEach(x => sink(x)); // NOT OK + + const array4 = [source()]; + array4 = Array.prototype.slice.call(array4); + sink(array4.pop()); // NOT OK + + [source()].forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + const array5 = [source()]; + array5.forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + ["safe"].forEach((value, index, array) => { sink(array.pop()) }); // OK +} + +function m16() { + const array0 = [source(), 'safe', 'safe']; + sink(array0[0]); // NOT OK + sink(array0[1]); // OK + sink(array0[2]); // OK + + const array1 = ['safe', source(), 'safe']; + sink(array1[0]); // OK + sink(array1[1]); // NOT OK + sink(array1[2]); // OK + + const array2 = ['safe', 'safe', source()]; + sink(array2[0]); // OK + sink(array2[1]); // OK + sink(array2[2]); // NOT OK +} + +function m17() { + const map = new Map(); + map.set('foo', source()); + map.set('bar', 'safe'); + + sink(map.get('foo')); // NOT OK + sink(map.get('bar')); // OK + sink(map.get(getUnkown())); // NOT OK + + const map2 = new Map(); + map2.set(getUnkown(), source()); + sink(map2.get('foo')); // NOT OK + sink(map2.get('bar')); // NOT OK + sink(map2.get(getUnkown())); // NOT OK + + const map3 = new Map(); + map3.set('foo', source()); + map3.forEach(value => sink(value)); // NOT OK + for (let [key, value] of map3) { + sink(value); // NOT OK + } +} + +function m18() { + const staticParam0 = mkSummary("Argument[0]", "ReturnValue"); + const staticParam1 = mkSummary("Argument[1]", "ReturnValue"); + const dynamicParam0 = mkSummary("Argument[0..]", "ReturnValue"); + const dynamicParam1 = mkSummary("Argument[1..]", "ReturnValue"); + + sink(staticParam0(...[source()])); // NOT OK + sink(staticParam0(...["safe", source()])); // OK + 
sink(staticParam0(...[source(), "safe", ])); // NOT OK + sink(staticParam0("safe", ...[source()])); // OK + sink(staticParam0(source(), ...["safe"])); // NOT OK + + sink(staticParam1(...[source()])); // OK + sink(staticParam1(...["safe", source()])); // NOT OK + sink(staticParam1(...[source(), "safe", ])); // OK + sink(staticParam1("safe", ...[source()])); // NOT OK + sink(staticParam1(source(), ...["safe"])); // OK + + sink(dynamicParam0(...[source()])); // NOT OK + sink(dynamicParam0(...["safe", source()])); // NOT OK + sink(dynamicParam0(...[source(), "safe", ])); // NOT OK + sink(dynamicParam0("safe", ...[source()])); // NOT OK + sink(dynamicParam0(source(), ...["safe"])); // NOT OK + + sink(dynamicParam1(...[source()])); // OK + sink(dynamicParam1(...["safe", source()])); // NOT OK + sink(dynamicParam1(...[source(), "safe", ])); // OK + sink(dynamicParam1("safe", ...[source()])); // NOT OK + sink(dynamicParam1(source(), ...["safe"])); // OK +} diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.expected b/javascript/ql/test/library-tests/Generators/DataFlow.expected index e69de29bb2d..0b23f47de26 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.expected +++ b/javascript/ql/test/library-tests/Generators/DataFlow.expected @@ -0,0 +1,5 @@ +legacyDataFlowDifference +| generators.js:2:16:2:23 | "source" | generators.js:37:10:37:10 | e | only flow with OLD data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:46:10:46:10 | e | only flow with NEW data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:51:10:51:10 | e | only flow with NEW data flow library | +consistencyIssue diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.ql b/javascript/ql/test/library-tests/Generators/DataFlow.ql index 8097cf6063a..f0d07506cf2 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.ql +++ b/javascript/ql/test/library-tests/Generators/DataFlow.ql 
@@ -1,12 +1,28 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking -class GeneratorFlowConfig extends DataFlow::Configuration { - GeneratorFlowConfig() { this = "GeneratorFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = DataFlow::Global; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "GeneratorFlowConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} diff --git a/javascript/ql/test/library-tests/Generators/generators.js b/javascript/ql/test/library-tests/Generators/generators.js index 89d5be345dc..dc602f15264 100644 --- a/javascript/ql/test/library-tests/Generators/generators.js +++ b/javascript/ql/test/library-tests/Generators/generators.js @@ -31,6 +31,26 @@ sink(e); // NOT OK } + try { + gen4(); + } catch (e) { + sink(e); // OK - exception is only thrown upon iteration + } + + const iterator = gen4(); + try { + for (let v of iterator) { + sink(v); // OK + } + } catch (e) { + sink(e); // NOT OK + } + try { + Array.from(iterator); + } catch (e) { + sink(e); // NOT OK + } + function *delegating() { yield* delegate(); } 
diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll index 12edfc8b713..f47fd78c159 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll +++ b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll @@ -1,23 +1,21 @@ import javascript -class TestDataFlowConfiguration extends DataFlow::Configuration { - TestDataFlowConfiguration() { this = "TestDataFlowConfiguration" } - - override predicate isSource(DataFlow::Node src) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -26,3 +24,5 @@ class TestDataFlowConfiguration extends DataFlow::Configuration { node.asExpr().(PropAccess).getPropertyName() = "notTracked" } } + +module TestFlow = DataFlow::Global; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/async.js b/javascript/ql/test/library-tests/InterProceduralFlow/async.js index f91cda9cea8..21b9cb4852e 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/async.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/async.js @@ -11,7 +11,7 @@ return source; } let sink3 = sync(); // NOT OK - let sink4 = await sync(); // OK + let sink4 = await sync(); // NOT OK async function throwsAsync() { throw source; 
@@ -64,7 +64,7 @@ return x.x; } - var sink8 = unpack(pack(source)); // OK + var sink8 = unpack(pack(source)); // OK let sink9 = unpack(await (pack(source))); // NOT OK - but not found } })(); @@ -75,19 +75,19 @@ async function props() { p: x }; } - + let source = "source"; let sink = (await (foo(source))).p; // NOT OK - this requires the immidiatly awaited storeStep. let sink2 = foo("not a source").p; - + async function getP(base) { return base.p; } - + async function getQ(base) { return base.q; } - + let o3 = { p: source }; let sink6 = await (getP(o3)); // NOT OK - this requires the immidiatly awaited loadStep let sink7 = await (getQ(o3)); diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global.js b/javascript/ql/test/library-tests/InterProceduralFlow/global.js index a7132f1dcb5..99badab76b8 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global.js @@ -9,11 +9,11 @@ function g(x) { let sink1 = g(source1); let sink2 = g(source2); -document.location = source1; // should not flow to `global2.js` in spite of assignment +document.someProp = source1; // should not flow to `global2.js` in spite of assignment // `document = {}` in `fake-document.js` -window.location = source1; +window.someProp = source1; let win = window; -let sink3 = window.location; -let sink4 = win.location; -let sink5 = location; +let sink3 = window.someProp; +let sink4 = win.someProp; +let sink5 = someProp; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js index 258b79a7df9..004a4ce50bb 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js @@ -1,2 +1,2 @@ let remote_sink = source1; -let other_remote_sink = document.location; +let other_remote_sink = document.someProp; 
diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js index 9f1b0c9ba07..83f0b701d10 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js @@ -14,7 +14,7 @@ function setP(base, rhs) { var o = {}; setP(o, source); -var sink3 = o.p; // flow from `source` not yet detected +var sink3 = o.p; var sink4 = o.q; var o2 = {}; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 2088e2c1ca2..aab7951f480 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected @@ -4,6 +4,7 @@ dataFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | @@ -23,7 +24,6 @@ dataFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | 
@@ -55,11 +55,12 @@ dataFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | @@ -105,7 +106,6 @@ taintTracking | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | 
@@ -140,11 +140,12 @@ taintTracking | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | @@ -191,6 +192,7 @@ germanFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | 
@@ -211,7 +213,6 @@ germanFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -243,11 +244,12 @@ germanFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql index a490c4c9146..a32e996b6b5 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql 
@@ -1,62 +1,70 @@ +import javascript import DataFlowConfig -query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(TestDataFlowConfiguration tttc | tttc.hasFlow(src, snk)) -} +query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { TestFlow::flow(src, snk) } -class Parity extends DataFlow::FlowLabel { - Parity() { this = "even" or this = "odd" } +module FlowLabelConfig implements DataFlow::StateConfigSig { + private newtype TFlowState = + TEven() or + TOdd() - Parity flip() { result != this } -} + class FlowState extends TFlowState { + string toString() { + this = TEven() and result = "even" + or + this = TOdd() and result = "odd" + } -class FLowLabelConfig extends DataFlow::Configuration { - FLowLabelConfig() { this = "FLowLabelConfig" } + FlowState flip() { + this = TEven() and result = TOdd() + or + this = TOdd() and result = TEven() + } + } - override predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node nd, FlowState state) { nd.(DataFlow::CallNode).getCalleeName() = "source" and - lbl = "even" + state = TEven() } - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node nd, FlowState state) { nd = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getAnArgument() and - lbl = "even" + state = TEven() } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predLabel, - DataFlow::FlowLabel succLabel + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - exists(DataFlow::CallNode c | c = succ | + exists(DataFlow::CallNode c | c = node2 | c.getCalleeName() = "inc" and - pred = c.getAnArgument() and - succLabel = predLabel.(Parity).flip() + node1 = c.getAnArgument() and + state2 = state1.flip() ) } } -query predicate flowLabels(DataFlow::PathNode source, DataFlow::PathNode sink) { - exists(FLowLabelConfig cfg | 
cfg.hasFlowPath(source, sink)) +module FlowLabelFlow = DataFlow::GlobalWithState; + +query predicate flowLabels(FlowLabelFlow::PathNode source, FlowLabelFlow::PathNode sink) { + FlowLabelFlow::flowPath(source, sink) } -class TestTaintTrackingConfiguration extends TaintTracking::Configuration { - TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } - - override predicate isSource(DataFlow::Node src) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isSanitizer(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -66,14 +74,12 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration { } } -query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { - exists(TestTaintTrackingConfiguration tttc | tttc.hasFlow(src, snk)) -} +module TaintFlow = TaintTracking::Global; -class GermanFlowConfig extends DataFlow::Configuration { - GermanFlowConfig() { this = "GermanFlowConfig" } +query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { TaintFlow::flow(src, snk) } - override predicate isSource(DataFlow::Node src) { +module GermanConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() 
@@ -82,7 +88,7 @@ class GermanFlowConfig extends DataFlow::Configuration { src.asExpr() = any(Variable v | v.getName() = "quelle").getAnAssignedExpr() } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() @@ -91,7 +97,7 @@ class GermanFlowConfig extends DataFlow::Configuration { snk.asExpr() = any(Variable v | v.getName() = "abfluss").getAnAssignedExpr() } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -101,6 +107,6 @@ class GermanFlowConfig extends DataFlow::Configuration { } } -query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(GermanFlowConfig tttc | tttc.hasFlow(src, snk)) -} +module GermanFlow = DataFlow::Global; + +query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { GermanFlow::flow(src, snk) } diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected index c4ce68baa8b..4597c58babe 100644 --- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:2:11:2:18 | source() | tst.js:8:12:8:12 | x | | tst.js:2:11:2:18 | source() | tst.js:12:12:12:12 | x | | tst.js:2:11:2:18 | source() | tst.js:14:12:14:12 | x | diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql index 002fafb8c2b..fc97fb25d04 100644 
--- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql @@ -1,18 +1,21 @@ +// Delete test when LabelledBarrierGuards have been removed +deprecated module; + import javascript class CustomFlowLabel extends DataFlow::FlowLabel { CustomFlowLabel() { this = "A" or this = "B" } } -class Config extends TaintTracking::Configuration { - Config() { this = "Config" } +module TestConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { node.(DataFlow::CallNode).getCalleeName() = "source" and lbl instanceof CustomFlowLabel } - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" and node = call.getAnArgument() and @@ -20,9 +23,28 @@ class Config extends TaintTracking::Configuration { ) } + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) + } +} + +module TestFlow = TaintTracking::GlobalWithState; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSource(node, lbl) + } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSink(node, lbl) + } + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof IsTypeAGuard or - node instanceof IsSanitizedGuard + node instanceof IsTypeAGuardLegacy or + node instanceof IsSanitizedGuardLegacy } } 
@@ -30,10 +52,10 @@ class Config extends TaintTracking::Configuration { * A condition that checks what kind of value the input is. Not enough to * sanitize the value, but later sanitizers only need to handle the relevant case. */ -class IsTypeAGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode { +class IsTypeAGuard extends DataFlow::CallNode { IsTypeAGuard() { this.getCalleeName() = "isTypeA" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and ( outcome = true and lbl = "B" @@ -43,10 +65,16 @@ class IsTypeAGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::C } } -class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode { +deprecated class IsTypeAGuardLegacy extends IsTypeAGuard, TaintTracking::LabeledSanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } +} + +class IsSanitizedGuard extends DataFlow::CallNode { IsSanitizedGuard() { this.getCalleeName() = "sanitizeA" or this.getCalleeName() = "sanitizeB" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and outcome = true and ( 
@@ -57,6 +85,16 @@ class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlo } } -from Config cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +deprecated class IsSanitizedGuardLegacy extends IsSanitizedGuard, + TaintTracking::LabeledSanitizerGuardNode +{ + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select source, sink diff --git a/javascript/ql/test/library-tests/Promises/flow.js b/javascript/ql/test/library-tests/Promises/flow.js index 81af660561a..52c8f512a1f 100644 --- a/javascript/ql/test/library-tests/Promises/flow.js +++ b/javascript/ql/test/library-tests/Promises/flow.js @@ -51,7 +51,7 @@ return Promise.resolve(src); } createPromise(source).then(v => sink(v)); // NOT OK! - + var p8 = new Promise((resolve, reject) => reject(source)); var p9 = p8.then(() => {}); var p10 = p9.finally(() => {}); @@ -65,31 +65,31 @@ await new Promise((resolve, reject) => reject(source)); } try { - throws(); + await throws(); } catch(e) { sink(e); // NOT OK! } - + function chainedPromise() { return new Promise((resolve, reject) => reject(source)).then(() => {}); } chainedPromise().then(() => {}).catch(e => sink(e)); // NOT OK! - + function leaksResolvedPromise(p) { p.then(x => sink(x)); // NOT OK! } leaksResolvedPromise(Promise.resolve(source)); - + function leaksRejectedPromise(p) { p.catch(e => sink(e)); // NOT OK! } leaksRejectedPromise(new Promise((resolve, reject) => reject(source))); - + function leaksRejectedAgain(p) { ("foo", p).then(() => {}).catch(e => sink(e)); // NOT OK! } leaksRejectedAgain(new Promise((resolve, reject) => reject(source)).then(() => {})); - + async function returnsRejected(p) { try { await p; 
@@ -99,48 +99,48 @@ } var foo = await returnsRejected(new Promise((resolve, reject) => reject(source))); sink(foo); // NOT OK! - + new Promise((resolve, reject) => reject("BLA")).catch(x => {return source}).then(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).finally(x => {throw source}).catch(x => sink(x)); // NOT OK - + var rejected = new Promise((resolve, reject) => reject(source)); - + new Promise((resolve, reject) => reject("BLA")).finally(x => rejected).catch(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).catch(x => sink(x)) // NOT OK - + var resolved = Promise.resolve(source); - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).catch(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => resolved).catch(x => sink(x)) // OK - + Promise.resolve(123).then(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).catch(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => resolve(resolved)).then(x => sink(x)); // NOT OK - + Promise.resolve(resolved).then(x => sink(x)); // NOT OK })(); (async function () { var source = "source"; - + async function async() { return source; } sink(async()); // OK - wrapped in a promise. (NOT OK for taint-tracking configs) sink(await async()); // NOT OK - + async function throwsAsync() { throw source; } @@ -165,4 +165,4 @@ const foo = bluebird.mapSeries(source, x => x); sink(foo); // NOT OK (for taint-tracking configs) -}) \ No newline at end of file +}) diff --git a/javascript/ql/test/library-tests/Promises/flow.qll b/javascript/ql/test/library-tests/Promises/flow.qll index 94c2af70674..e49b5092d5f 100644 
--- a/javascript/ql/test/library-tests/Promises/flow.qll +++ b/javascript/ql/test/library-tests/Promises/flow.qll 
@@ -1,39 +1,60 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary +deprecated import utils.test.LegacyDataFlowDiff -class Configuration extends DataFlow::Configuration { - Configuration() { this = "PromiseDataFlowFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module ValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "PromiseTaintFlowTestingConfig" } +module ValueFlow = DataFlow::Global; - override predicate isSource(DataFlow::Node source) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate flow(DataFlow::Node source, DataFlow::Node sink) { - any(Configuration c).hasFlow(source, sink) -} +module TaintFlow = TaintTracking::Global; + +query predicate flow(DataFlow::Node source, DataFlow::Node sink) { ValueFlow::flow(source, sink) } query predicate exclusiveTaintFlow(DataFlow::Node source, DataFlow::Node sink) { - not any(Configuration c).hasFlow(source, sink) and - any(TaintConfig c).hasFlow(source, sink) + not ValueFlow::flow(source, sink) and + TaintFlow::flow(source, sink) } query predicate typetrack(DataFlow::SourceNode succ, DataFlow::SourceNode pred, StepSummary summary) { succ = PromiseTypeTracking::promiseStep(pred, summary) } + +deprecated class LegacyValueConfig extends DataFlow::Configuration { + LegacyValueConfig() { this = 
"LegacyValueConfig" } + + override predicate isSource(DataFlow::Node source) { ValueFlowConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { ValueFlowConfig::isSink(sink) } +} + +deprecated query predicate valueFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +deprecated class LegacyTaintConfig extends TaintTracking::Configuration { + LegacyTaintConfig() { this = "LegacyTaintConfig" } + + override predicate isSource(DataFlow::Node source) { TaintConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TaintConfig::isSink(sink) } +} + +deprecated query predicate taintFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; diff --git a/javascript/ql/test/library-tests/Promises/flow2.js b/javascript/ql/test/library-tests/Promises/flow2.js index ccafb83fd3f..0a29ed35f8e 100644 --- a/javascript/ql/test/library-tests/Promises/flow2.js +++ b/javascript/ql/test/library-tests/Promises/flow2.js @@ -2,7 +2,7 @@ var source = "source"; Promise.all([source, "clean"]).then((arr) => { - sink(arr); // OK + sink(arr); // NOT OK - implicit read of array element sink(arr[0]); // NOT OK sink(arr[1]); // OK }) @@ -17,11 +17,11 @@ var [clean3, tainted3] = await Promise.all(["clean", Promise.resolve(source)]); sink(clean3); // OK - sink(tainted3); // NOT OK - but only flagged by taint-tracking + sink(tainted3); // NOT OK var tainted4 = await Promise.race(["clean", Promise.resolve(source)]); - sink(tainted4); // NOT OK - but only flagged by taint-tracking + sink(tainted4); // NOT OK var tainted5 = await Promise.any(["clean", Promise.resolve(source)]); - sink(tainted5); // NOT OK - but only flagged by taint-tracking -}); \ No newline at end of file + sink(tainted5); // NOT OK +}); diff --git a/javascript/ql/test/library-tests/Promises/tests.expected b/javascript/ql/test/library-tests/Promises/tests.expected index 3bfe8570322..52c00a11d50 100644 --- a/javascript/ql/test/library-tests/Promises/tests.expected 
+++ b/javascript/ql/test/library-tests/Promises/tests.expected @@ -237,6 +237,7 @@ flow | flow2.js:2:15:2:22 | "source" | flow2.js:6:8:6:13 | arr[0] | | flow2.js:2:15:2:22 | "source" | flow2.js:12:7:12:13 | tainted | | flow2.js:2:15:2:22 | "source" | flow2.js:16:7:16:14 | tainted2 | +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | | flow2.js:2:15:2:22 | "source" | flow2.js:23:7:23:14 | tainted4 | | flow2.js:2:15:2:22 | "source" | flow2.js:26:7:26:14 | tainted5 | | flow.js:2:15:2:22 | "source" | flow.js:5:7:5:14 | await p1 | @@ -273,7 +274,7 @@ flow | flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() | | flow.js:136:15:136:22 | "source" | flow.js:155:9:155:9 | e | exclusiveTaintFlow -| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | +| flow2.js:2:15:2:22 | "source" | flow2.js:5:8:5:10 | arr | | flow.js:136:15:136:22 | "source" | flow.js:141:7:141:13 | async() | | flow.js:160:15:160:22 | "source" | flow.js:164:39:164:39 | x | | flow.js:160:15:160:22 | "source" | flow.js:167:7:167:9 | foo | @@ -367,6 +368,7 @@ typetrack | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | copy $PromiseResolveField$ | | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | store $PromiseResolveField$ | | flow.js:65:3:65:56 | await n ... ource)) | flow.js:65:9:65:56 | new Pro ... ource)) | load $PromiseResolveField$ | +| flow.js:68:3:68:16 | await throws() | flow.js:68:9:68:16 | throws() | load $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:2:76:32 | chained ... => {}) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | store $PromiseResolveField$ | 
@@ -462,3 +464,7 @@ typetrack | promises.js:143:17:143:50 | Synchro ... source) | promises.js:143:44:143:49 | source | store $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | copy $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | store $PromiseResolveField$ | +valueFlowDifference +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | only flow with NEW data flow library | +taintFlowDifference +| flow2.js:2:15:2:22 | "source" | flow2.js:5:8:5:10 | arr | only flow with NEW data flow library | diff --git a/javascript/ql/test/library-tests/PropWrite/tests.expected b/javascript/ql/test/library-tests/PropWrite/tests.expected index 0fc9e672baf..c1b7e1e7b56 100644 --- a/javascript/ql/test/library-tests/PropWrite/tests.expected +++ b/javascript/ql/test/library-tests/PropWrite/tests.expected @@ -67,10 +67,10 @@ test_PropWriteRhs | tst.js:41:18:41:24 | ...arr3 | tst.js:41:18:41:24 | ...arr3 | | tst.js:41:27:41:29 | "d" | tst.js:41:27:41:29 | "d" | test_PropWriteBase -| classes.ts:4:3:4:24 | instanc ... foo(); | classes.ts:3:21:3:20 | this | -| classes.ts:8:15:8:35 | public ... erField | classes.ts:8:3:8:2 | this | -| classes.ts:12:17:12:37 | public ... erField | classes.ts:12:5:12:4 | this | -| classes.ts:16:17:16:37 | public ... erField | classes.ts:16:5:16:4 | this | +| classes.ts:4:3:4:24 | instanc ... foo(); | classes.ts:4:3:4:24 | implicit 'this' | +| classes.ts:8:15:8:35 | public ... erField | classes.ts:8:15:8:35 | implicit 'this' | +| classes.ts:12:17:12:37 | public ... erField | classes.ts:12:17:12:37 | implicit 'this' | +| classes.ts:16:17:16:37 | public ... erField | classes.ts:16:17:16:37 | implicit 'this' | | tst.js:2:5:2:8 | x: 4 | tst.js:1:11:9:1 | {\\n x ... }\\n} | | tst.js:3:5:5:5 | func: f ... ;\\n } | tst.js:1:11:9:1 | {\\n x ... }\\n} | | tst.js:6:5:8:5 | f() {\\n ... ;\\n } | tst.js:1:11:9:1 | {\\n x ... }\\n} | 
diff --git a/javascript/ql/test/library-tests/Routing/test.expected b/javascript/ql/test/library-tests/Routing/test.expected index e69de29bb2d..d65d51bc417 100644 --- a/javascript/ql/test/library-tests/Routing/test.expected +++ b/javascript/ql/test/library-tests/Routing/test.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/Routing/test.ql b/javascript/ql/test/library-tests/Routing/test.ql index f28456a86ea..5758a550b67 100644 --- a/javascript/ql/test/library-tests/Routing/test.ql +++ b/javascript/ql/test/library-tests/Routing/test.ql 
@@ -1,20 +1,36 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking API::Node testInstance() { result = API::moduleImport("@example/test").getInstance() } -class Taint extends TaintTracking::Configuration { - Taint() { this = "Taint" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" or node = testInstance().getMember("getSource").getReturn().asSource() } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() or node = testInstance().getMember("getSink").getAParameter().asSink() } } + +module TestFlow = TaintTracking::Global; + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected index e69de29bb2d..d65d51bc417 100644 --- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected +++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue 
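Review bot: the only result sets in HeuristicSource.expected are `legacyDataFlowDifference` and `consistencyIssue`, and in HeuristicSource.ql every declaration that could feed them (`Consistency`, `LegacyConfig`, both `utils.test` imports) is marked `deprecated`. Nothing non-deprecated selects `TestFlow::flow`, so once the legacy pieces are deleted this test no longer checks that a `HeuristicSource` reaches `sink`. Add a plain `query predicate` over `TestFlow::flow(source, sink)`, as TaintBarriers/tests.ql does with `taintedSink`. The identical `Consistency` and `LegacyConfig` blocks in Routing/test.ql and HeuristicSource.ql could also move into one shared test helper.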
diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql index af68a747833..3eb5b9f9704 100644 --- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql +++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql @@ -1,13 +1,29 @@ import javascript private import semmle.javascript.heuristics.AdditionalSources -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking -class Taint extends TaintTracking::Configuration { - Taint() { this = "Taint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource } - override predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = TaintTracking::Global; + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll index 50ac0fbfd24..5408ada4dcc 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll +++ b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll 
@@ -6,16 +6,14 @@ StringOps::ConcatenationRoot sinkConcatenation() { result.getConstantStringParts().matches("%") } -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" or source = sourceVariable() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink 
@@ -24,19 +22,40 @@ class ExampleConfiguration extends TaintTracking::Configuration { sink = sinkConcatenation() } - override predicate isSanitizerIn(DataFlow::Node node) { node = sourceVariable() } + predicate isBarrierIn(DataFlow::Node node) { node = sourceVariable() } - override predicate isSanitizerOut(DataFlow::Node node) { node = sinkConcatenation() } + predicate isBarrierOut(DataFlow::Node node) { node = sinkConcatenation() } - override predicate isSanitizer(DataFlow::Node node) { + additional predicate isBarrier1(DataFlow::Node node) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SANITIZE" and DataFlow::valueNode(callExpr.getArgument(0)) = node ) } + predicate isBarrier(DataFlow::Node node) { + isBarrier1(node) + or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } +} + +module TestFlow = TaintTracking::Global; + +deprecated class ExampleConfiguration extends TaintTracking::Configuration { + ExampleConfiguration() { this = "ExampleConfiguration" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isSanitizerIn(DataFlow::Node node) { TestConfig::isBarrierIn(node) } + + override predicate isSanitizerOut(DataFlow::Node node) { TestConfig::isBarrierOut(node) } + + override predicate isSanitizer(DataFlow::Node node) { TestConfig::isBarrier1(node) } + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - // add additional generic sanitizers guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer } } diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.expected b/javascript/ql/test/library-tests/TaintBarriers/tests.expected index 4417a918423..32731bbcb7a 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/tests.expected +++ b/javascript/ql/test/library-tests/TaintBarriers/tests.expected 
@@ -1,3 +1,4 @@ +legacyDataFlowDifference isBarrier isLabeledBarrier | ExampleConfiguration | tst.js:6:14:6:14 | v | taint | diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.ql b/javascript/ql/test/library-tests/TaintBarriers/tests.ql index d63d67cf6b1..11f317edd0e 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/tests.ql +++ b/javascript/ql/test/library-tests/TaintBarriers/tests.ql @@ -1,20 +1,28 @@ import javascript import ExampleConfiguration -query predicate isBarrier(ExampleConfiguration cfg, DataFlow::Node n) { cfg.isBarrier(n) } +deprecated query predicate isBarrier(ExampleConfiguration cfg, DataFlow::Node n) { + cfg.isBarrier(n) +} -query predicate isLabeledBarrier( +deprecated query predicate isLabeledBarrier( ExampleConfiguration cfg, DataFlow::Node n, DataFlow::FlowLabel label ) { cfg.isLabeledBarrier(n, label) } -query predicate isSanitizer(ExampleConfiguration cfg, DataFlow::Node n) { cfg.isSanitizer(n) } +deprecated query predicate isSanitizer(ExampleConfiguration cfg, DataFlow::Node n) { + cfg.isSanitizer(n) +} -query predicate sanitizingGuard(TaintTracking::SanitizerGuardNode g, Expr e, boolean b) { - g.sanitizes(b, e) +deprecated query predicate sanitizingGuard(DataFlow::Node g, Expr e, boolean b) { + g.(TaintTracking::SanitizerGuardNode).sanitizes(b, e) + or + g.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(b, e) } query predicate taintedSink(DataFlow::Node source, DataFlow::Node sink) { - exists(ExampleConfiguration cfg | cfg.hasFlow(source, sink)) + TestFlow::flow(source, sink) } + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b6d5ab1e435..d8ba7545b0d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected 
@@ -1,17 +1,46 @@ -typeInferenceMismatch -| call-apply.js:27:14:27:21 | source() | call-apply.js:3:1:5:1 | 'arguments' object of function foo1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:7:1:9:1 | 'arguments' object of function foo2 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:12:10:12:30 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:16:10:16:40 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:23:1:25:1 | 'arguments' object of function foo1_sink | -| call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:64:3:66:3 | 'arguments' object of function sinkArguments1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:67:3:69:3 | 'arguments' object of function sinkArguments0 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:71:3:74:3 | 'arguments' object of function fowardArguments | -| destruct.js:20:7:20:14 | source() | destruct.js:13:14:13:19 | [a, b] | -#select +legacyDataFlowDifference +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:27:8:27:13 | arr[0] | only flow with OLD data flow library | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:33:8:33:13 | arr[0] | only flow with OLD data flow library | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:35:8:35:13 | arr[2] | only flow with OLD data flow library | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:36:8:36:13 | arr[3] | only flow with OLD data flow library | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:37:8:37:13 | arr[4] | only flow with OLD data flow library | +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() 
| call-apply.js:24:8:24:11 | arg1 | only flow with NEW data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:41:6:41:28 | foo1_ca ... ource]) | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:59:10:59:21 | arguments[1] | only flow with OLD data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | 
exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| export-taint.js:3:22:3:29 | source() | import-taint.js:7:10:7:25 | mod.object.taint | only flow with OLD data flow library | +| export-taint.js:3:22:3:29 | source() | import-taint.js:14:14:14:29 | mod.object.taint | only flow with OLD data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... 
bj).foo | only flow with OLD data flow library | +| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library | +| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:17:10:17:10 | a | only flow with OLD data flow library | +| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | +consistencyIssue +| nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | +| stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | +| stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | | addexpr.js:11:15:11:22 | source() | addexpr.js:21:8:21:12 | value | 
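Review bot: the three `consistencyIssue` rows (`nested-props.js:20`, `stringification-read-steps.js:17` and `:25`, each "expected an alert, but found none") check missing alerts into the expected output, next to the rows marked "only flow with OLD data flow library". Each accepted loss should be marked in the test source or tied to a tracking issue, so that a later run cannot hide a new false negative among the known ones. The old `typeInferenceMismatch` section is also dropped here, together with the `UntaintableNode` sink in BasicTaintTracking.ql. If that check is being retired on purpose, say so in the commit message.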
@@ -30,13 +59,8 @@ typeInferenceMismatch | array-mutation.js:75:28:75:35 | source() | array-mutation.js:76:8:76:8 | r | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 | arr[6] | -| arrays-init.js:2:16:2:23 | source() | arrays-init.js:27:8:27:13 | arr[0] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] | -| arrays-init.js:2:16:2:23 | source() | arrays-init.js:33:8:33:13 | arr[0] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] | -| arrays-init.js:2:16:2:23 | source() | arrays-init.js:35:8:35:13 | arr[2] | -| arrays-init.js:2:16:2:23 | source() | arrays-init.js:36:8:36:13 | arr[3] | -| arrays-init.js:2:16:2:23 | source() | arrays-init.js:37:8:37:13 | arr[4] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] | 
@@ -51,22 +75,19 @@ typeInferenceMismatch | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | foo2.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:29 | foo1_ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:47:6:47:28 | foo1_ca ... 
ource]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:65:10:65:21 | arguments[1] | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | 
@@ -74,13 +95,42 @@ typeInferenceMismatch | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | 
source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... ()).foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | | case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) | | case.js:2:16:2:23 | source() | case.js:8:8:8:24 | camelCase(source) | 
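Review bot: in the `callbacks.js` rows the sources at 37:17 and 44:17 now both reach all three sinks (37:37, 38:35 and 41:10), where before each source reached exactly one. That pattern looks like flow being merged across separate callback invocations rather than newly discovered real flow. Please confirm against callbacks.js, and if the extra rows are spurious, annotate them in the test file as known imprecision instead of leaving them as unmarked expected results.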
@@ -93,12 +143,15 @@ typeInferenceMismatch | closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) | | closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) | | closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | destruct.js:20:7:20:14 | source() | destruct.js:5:10:5:10 | z | | destruct.js:20:7:20:14 | source() | destruct.js:8:10:8:10 | w | | destruct.js:20:7:20:14 | source() | destruct.js:11:10:11:10 | q | 
@@ -109,6 +162,7 @@ typeInferenceMismatch | exceptions.js:21:17:21:24 | source() | exceptions.js:24:10:24:21 | e.toString() | | exceptions.js:21:17:21:24 | source() | exceptions.js:25:10:25:18 | e.message | | exceptions.js:21:17:21:24 | source() | exceptions.js:26:10:26:19 | e.fileName | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:32:10:32:10 | e | @@ -122,6 +176,8 @@ typeInferenceMismatch | exceptions.js:144:9:144:16 | source() | exceptions.js:132:8:132:27 | returnThrownSource() | | exceptions.js:150:13:150:20 | source() | exceptions.js:153:10:153:10 | e | | exceptions.js:158:13:158:20 | source() | exceptions.js:161:10:161:10 | e | +| export-taint.js:2:12:2:19 | source() | import-taint.js:6:10:6:18 | mod.taint | +| export-taint.js:2:12:2:19 | source() | import-taint.js:13:14:13:22 | mod.taint | | factory-function.js:21:13:21:20 | source() | factory-function.js:7:10:7:12 | obj | | factory-function.js:22:13:22:20 | source() | factory-function.js:7:10:7:12 | obj | | factory-function.js:26:7:26:14 | source() | factory-function.js:16:14:16:16 | obj | 
@@ -130,12 +186,14 @@ typeInferenceMismatch | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | json-stringify.js:2:16:2:23 | source() | json-stringify.js:5:8:5:29 | JSON.st ... source) | 
@@ -162,12 +220,13 @@ typeInferenceMismatch | logical-and.js:2:17:2:24 | source() | logical-and.js:4:10:4:24 | "safe" && taint | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | nested-props.js:77:36:77:43 | source() | nested-props.js:78:10:78:10 | x | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value | 
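Review bot: the two removed `object-bypass-sanitizer.js` rows (source 35:29 to `obj.foo` at 23:14 and to the `.foo` read at 28:10) are the flows this test file is named for, and they are now listed as "only flow with OLD data flow library". State in the test source whether they were false positives that the new library correctly drops or real sanitizer bypasses that are now missed. In the second case the expected file is encoding a false negative in a security-relevant path.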
@@ -176,7 +235,9 @@ typeInferenceMismatch | promise.js:4:24:4:31 | source() | promise.js:4:8:4:32 | Promise ... urce()) | | promise.js:5:25:5:32 | source() | promise.js:5:8:5:33 | bluebir ... urce()) | | promise.js:10:24:10:31 | source() | promise.js:10:8:10:32 | Promise ... urce()) | -| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | +| promise.js:18:22:18:29 | source() | promise.js:24:10:24:10 | e | +| promise.js:33:21:33:28 | source() | promise.js:38:10:38:10 | e | +| promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data | | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x | | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x | 
@@ -191,16 +252,19 @@ typeInferenceMismatch | sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:26:9:26:14 | this.x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x | -| spread.js:2:15:2:22 | source() | spread.js:4:8:4:19 | { ...taint } | -| spread.js:2:15:2:22 | source() | spread.js:5:8:5:43 | { f: 'h ... orld' } | -| spread.js:2:15:2:22 | source() | spread.js:7:8:7:19 | [ ...taint ] | -| spread.js:2:15:2:22 | source() | spread.js:8:8:8:28 | [ 1, 2, ... nt, 3 ] | +| spread.js:4:15:4:22 | source() | spread.js:6:8:6:19 | { ...taint } | +| spread.js:4:15:4:22 | source() | spread.js:7:8:7:43 | { f: 'h ... orld' } | +| spread.js:4:15:4:22 | source() | spread.js:9:8:9:19 | [ ...taint ] | +| spread.js:4:15:4:22 | source() | spread.js:10:8:10:28 | [ 1, 2, ... nt, 3 ] | +| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | +| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:5:14:5:22 | RegExp.$1 | | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:15:14:15:22 | RegExp.$1 | | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:17:14:17:22 | RegExp.$1 | 
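Review bot: the added row `sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x` is a flow that only the new library reports, in a file whose purpose is to check that guards block taint. Confirm that the sink on line 64 really sits outside the guarded branch. If it is inside, the new barrier-guard handling is letting taint through, and the row should be fixed rather than accepted.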
@@ -224,7 +288,6 @@ typeInferenceMismatch | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | | tst.js:2:13:2:20 | source() | tst.js:5:10:5:22 | "/" + x + "!" | | tst.js:2:13:2:20 | source() | tst.js:14:10:14:17 | x.sort() | -| tst.js:2:13:2:20 | source() | tst.js:17:10:17:10 | a | | tst.js:2:13:2:20 | source() | tst.js:19:10:19:10 | a | | tst.js:2:13:2:20 | source() | tst.js:23:10:23:10 | b | | tst.js:2:13:2:20 | source() | tst.js:25:10:25:16 | x.pop() | @@ -251,16 +314,18 @@ typeInferenceMismatch | tst.js:2:13:2:20 | source() | tst.js:72:10:72:31 | Map.gro ... z => z) | | tst.js:2:13:2:20 | source() | tst.js:74:10:74:34 | Object. ... z => z) | | tst.js:2:13:2:20 | source() | tst.js:78:55:78:58 | item | -| tst.js:2:13:2:20 | source() | tst.js:79:14:79:20 | grouped | +| tst.js:2:13:2:20 | source() | tst.js:79:14:79:35 | grouped ... nown()) | | tst.js:2:13:2:20 | source() | tst.js:100:10:100:17 | x.with() | | tst.js:2:13:2:20 | source() | tst.js:102:10:102:14 | xWith | | tst.js:75:22:75:29 | source() | tst.js:75:10:75:52 | Map.gro ... (item)) | | tst.js:75:22:75:29 | source() | tst.js:75:47:75:50 | item | | tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item | -| tst.js:82:23:82:30 | source() | tst.js:84:14:84:20 | grouped | +| tst.js:82:23:82:30 | source() | tst.js:84:14:84:35 | grouped ... nown()) | | tst.js:87:22:87:29 | source() | tst.js:90:14:90:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) | +| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | +| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | | xml.js:12:17:12:24 | source() | xml.js:13:14:13:19 | result | | xml.js:23:18:23:25 | source() | xml.js:20:14:20:17 | attr | 
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql index cfbd3a530db..e34c21407d7 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql @@ -1,5 +1,6 @@ import javascript import semmle.javascript.dataflow.InferredTypes +deprecated import utils.test.ConsistencyChecking DataFlow::CallNode getACall(string name) { result.getCalleeName() = name 
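Review bot: the retained context line `import semmle.javascript.dataflow.InferredTypes` at the top of BasicTaintTracking.ql looks dead after this change. Its only users in the lines shown, `TTObject()` and `TTString()` inside `UntaintableNode`, are deleted in the next hunk of this file. Drop the import in the same commit, or keep it only if something outside the visible lines still needs it.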
@@ -7,53 +8,56 @@ DataFlow::CallNode getACall(string name) { result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name) } -class Sink extends DataFlow::Node { - Sink() { this = getACall("sink").getAnArgument() } -} +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } -/** - * A node that shouldn't be taintable according to the type inference, - * as it claims to be neither an object nor a string. - */ -class UntaintableNode extends DataFlow::Node { - UntaintableNode() { - not this.analyze().getAType() = TTObject() and - not this.analyze().getAType() = TTString() + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + + predicate isBarrier(DataFlow::Node node) { + node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() } } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node node) { node = getACall("source") } +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } - override predicate isSink(DataFlow::Node node) { - node instanceof Sink - or - node instanceof UntaintableNode - } + override predicate isSource(DataFlow::Node node) { TestConfig::isSource(node) } + + override predicate isSink(DataFlow::Node node) { TestConfig::isSink(node) } override predicate isSanitizer(DataFlow::Node node) { node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof BasicSanitizerGuard + node instanceof BasicSanitizerGuardLegacy or + node instanceof TaintTracking::AdHocWhitelistCheckSanitizer } } -class BasicSanitizerGuard extends 
TaintTracking::SanitizerGuardNode, DataFlow::CallNode { +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +class BasicSanitizerGuard extends DataFlow::CallNode { BasicSanitizerGuard() { this = getACall("isSafe") } - override predicate sanitizes(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -query predicate typeInferenceMismatch(DataFlow::Node source, UntaintableNode sink) { - any(BasicConfig cfg).hasFlow(source, sink) +deprecated class BasicSanitizerGuardLegacy extends TaintTracking::SanitizerGuardNode instanceof BasicSanitizerGuard +{ + override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } } -from BasicConfig cfg, DataFlow::Node src, Sink sink -where cfg.hasFlow(src, sink) -select src, sink +query predicate flow = TestFlow::flow/2; + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 3b89229b2d7..42595adc131 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
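Review bot: in BasicTaintTracking.ql the `sanitizer_%` callee-name match is now written out twice, once in `TestConfig::isBarrier` and once in `LegacyConfig.isSanitizer`, while `isSource` and `isSink` in `LegacyConfig` delegate to `TestConfig`. Since `LegacyDataFlowDiff` is imported to compare the two configurations, an edit to only one copy would show up as a library difference rather than as a test bug; a shared predicate that both call would avoid that. Separately, deleting `UntaintableNode` and `typeInferenceMismatch` removes the check that taint does not reach nodes typed as neither object nor string, and nothing in this hunk replaces it; if that is intentional it deserves a line in the commit message.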
@@ -1,9 +1,42 @@ +legacyDataFlowDifference +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | only flow with NEW data flow library | +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | only flow with NEW data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data 
flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| export-taint.js:3:22:3:29 | source() | import-taint.js:7:10:7:25 | mod.object.taint | only flow with OLD data flow library | +| export-taint.js:3:22:3:29 | source() | import-taint.js:14:14:14:29 | mod.object.taint | only flow with OLD data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library | +| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library | +| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item | only flow with NEW data flow library | +| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 
| arr[6] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:61:10:61:13 | item | 
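Review bot: in the new legacyDataFlowDifference block of DataFlowTracking.expected, the two rows from export-taint.js:3:22 to import-taint.js (`mod.object.taint`, "only flow with OLD data flow library") are real flows that the new library loses: export-taint.js line 3 is `object: { taint: source() }`. import-taint.js is not among the files shown here, so please confirm both sinks are annotated NOT OK [INCONSISTENCY] with a one-line reason. The other OLD-only rows are accounted for in the sources shown: bound-function.js:30 and capture-flow.js:123 carry [INCONSISTENCY], and capture-flow.js:102 is annotated OK, so that row is a removed false positive.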
@@ -13,18 +46,19 @@ | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... 
e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | 
@@ -32,21 +66,54 @@ | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | 
capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... 
()).foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | exceptions.js:3:15:3:22 | source() | exceptions.js:5:10:5:10 | e | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:93:11:93:18 | source() | exceptions.js:95:10:95:10 | e | 
@@ -56,6 +123,8 @@ | exceptions.js:144:9:144:16 | source() | exceptions.js:132:8:132:27 | returnThrownSource() | | exceptions.js:150:13:150:20 | source() | exceptions.js:153:10:153:10 | e | | exceptions.js:158:13:158:20 | source() | exceptions.js:161:10:161:10 | e | +| export-taint.js:2:12:2:19 | source() | import-taint.js:6:10:6:18 | mod.taint | +| export-taint.js:2:12:2:19 | source() | import-taint.js:13:14:13:22 | mod.taint | | factory-function.js:21:13:21:20 | source() | factory-function.js:7:10:7:12 | obj | | factory-function.js:22:13:22:20 | source() | factory-function.js:7:10:7:12 | obj | | factory-function.js:26:7:26:14 | source() | factory-function.js:16:14:16:16 | obj | 
@@ -64,20 +133,25 @@ | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | indexOf.js:4:11:4:18 | source() | indexOf.js:13:10:13:10 | x | | logical-and.js:2:17:2:24 | source() | logical-and.js:4:10:4:24 | "safe" && taint | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | 
nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | object-bypass-sanitizer.js:32:21:32:28 | source() | object-bypass-sanitizer.js:15:10:15:24 | sanitizer_id(x) | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:27:10:27:30 | sanitiz ... bj.foo) | 
@@ -99,18 +173,26 @@ | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:52:10:52:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | -| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:7:86:7 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:9:86:9 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:96:10:96:10 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:102:10:102:10 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x | +| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | +| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe | +| tst.js:2:13:2:20 | source() | tst.js:79:14:79:35 | grouped ... 
nown()) | +| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item | | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) | +| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql index 6799b0ffd78..e155f93669b 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql 
@@ -2,26 +2,43 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends DataFlow::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { - node instanceof BasicBarrierGuard + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } -class BasicBarrierGuard extends DataFlow::BarrierGuardNode, DataFlow::CallNode { +module TestFlow = DataFlow::Global; + +class BasicBarrierGuard extends DataFlow::CallNode { BasicBarrierGuard() { this = getACall("isSafe") } - override predicate blocks(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) -select src, sink +deprecated class BasicBarrierGuardLegacy extends DataFlow::BarrierGuardNode instanceof BasicBarrierGuard +{ + override predicate blocks(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } +} + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + node instanceof BasicBarrierGuardLegacy + } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = 
TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js index 74faa593478..7db1eaf682d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js +++ b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js @@ -1,7 +1,7 @@ (function () { let source = source(); - var str = "FALSE"; + var str = "FALSE"; console.log("=== access by index (init by ctor) ==="); var arr = new Array(2); @@ -35,7 +35,7 @@ sink(arr[2]); // OK sink(arr[3]); // OK sink(arr[4]); // OK - sink(arr[5]); // NOT OK - but not flagged [INCONSISTENCY] + sink(arr[5]); // NOT OK console.log("=== access in for (init by [...]) ==="); var arr = [str, source]; @@ -58,6 +58,6 @@ console.log("=== access in forof (init by [...]) ==="); var arr = [str, source]; for (const item of arr) { - sink(item); // NOT OK + sink(item); // NOT OK } -}()); \ No newline at end of file +}()); diff --git a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js index 876d43bbc39..6cb0d6cea33 100644 --- a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js +++ b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js @@ -1,23 +1,23 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (x === 'a') sink(x); // OK - + if (x === 'a' || x === 'b') sink(x); // OK - + if (x === 'a' || 1 === 1) sink(x); // NOT OK if (isSafe(x)) sink(x); // OK - + if (isSafe(x, y) || isSafe(x, z)) - sink(x); // OK - + sink(x); // OK [INCONSISTENCY] + if (isSafe(x) || 1 === 1) sink(x); // NOT OK } diff --git a/javascript/ql/test/library-tests/TaintTracking/bound-function.js b/javascript/ql/test/library-tests/TaintTracking/bound-function.js index b38dee1c922..bc74312ea61 100644 --- a/javascript/ql/test/library-tests/TaintTracking/bound-function.js +++ b/javascript/ql/test/library-tests/TaintTracking/bound-function.js 
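Review bot: in booleanOps.js, `sink(x); // OK [INCONSISTENCY]` under `if (isSafe(x, y) || isSafe(x, z))` accepts a false positive without saying why, while the neighbouring `if (isSafe(x))` case stays plain OK. A disjunction of two guard calls on the same argument is a shape real sanitizer checks take, so add a short reason after the marker, as bound-function.js does for its callback case, or reference a follow-up so the marker does not become permanent.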
@@ -1,28 +1,33 @@ import * as dummy from 'dummy'; function foo(x, y) { - sink(y); + sink(y.test1); // OK + sink(y.test2); // NOT OK + sink(y.test3); // NOT OK + sink(y.test4); // OK + sink(y.test5); // OK + sink(y.test6); // OK } let foo0 = foo.bind(null); let foo1 = foo.bind(null, null); let foo2 = foo.bind(null, null, null); -foo0(source(), null); // OK -foo0(null, source()); // NOT OK +foo0({ test1: source() }, null); +foo0(null, { test2: source() }); -foo1(source()); // NOT OK -foo1(null, source()); // OK +foo1({ test3: source() }); +foo1(null, { test4: source() }); -foo2(source()); // OK -foo2(null, source()); // OK +foo2({ test5: source() }); +foo2(null, { test6: source() }); function takesCallback(cb) { - cb(source()); // NOT OK + cb(source()); } function callback(x, y) { - sink(y); + sink(y); // NOT OK [INCONSISTENCY] - lambda flow in dataflow2 does not handle partial invocations yet } takesCallback(callback.bind(null, null)); @@ -33,7 +38,7 @@ function id(x) { let sourceGetter = id.bind(null, source()); let constGetter = id.bind(null, 'safe'); -sink(sourceGetter()); // NOT OK - but not flagged +sink(sourceGetter()); // NOT OK [INCONSISTENCY] sink(constGetter()); // OK function id2(x, y) { diff --git a/javascript/ql/test/library-tests/TaintTracking/call-apply.js b/javascript/ql/test/library-tests/TaintTracking/call-apply.js index e26e3aa3835..4ed1bba7b71 100644 --- a/javascript/ql/test/library-tests/TaintTracking/call-apply.js +++ b/javascript/ql/test/library-tests/TaintTracking/call-apply.js 
@@ -31,13 +31,7 @@ sink(foo2.call(null, source, "")); // OK sink(foo1.apply(null, [source, ""])); // NOT OK sink(foo2.apply(null, [source, ""])); // OK - -// doesn't work due to fundamental limitations of our dataflow analysis. -// exactly (and I mean exactly) the same thing happens in the below `obj.foo` example. -// in general we don't track flow that first goes through a call, and then a return, unless we can summarize it. -// in the other examples we can summarize the flow, because it's quite simple, but here we can't. -// (try to read the QLDoc in the top of `Configuration.qll`, that might help). -sink(foo1_apply([source, ""])); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo1_apply([source, ""])); // NOT OK foo1_apply_sink([source, ""]); // This works, because we don't need a return after a call (the sink is inside the called function). @@ -58,7 +52,7 @@ function foo(x) { function bar(x) { return x.foo; } -sink(foo(obj)); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo(obj)); // NOT OK function argumentsObject() { function sinkArguments1() { @@ -67,12 +61,12 @@ function argumentsObject() { function sinkArguments0() { sink(arguments[0]); // NOT OK } - + function fowardArguments() { sinkArguments1.apply(this, arguments); sinkArguments0.apply(this, arguments); } - + fowardArguments.apply(this, [source, ""]); } @@ -84,4 +78,4 @@ function sinksThis2() { sink(this); // NOT OK } -sinksThis.apply(source(), []); \ No newline at end of file +sinksThis.apply(source(), []); diff --git a/javascript/ql/test/library-tests/TaintTracking/callbacks.js b/javascript/ql/test/library-tests/TaintTracking/callbacks.js index e317514f88f..2c0bb776a6a 100644 --- a/javascript/ql/test/library-tests/TaintTracking/callbacks.js +++ b/javascript/ql/test/library-tests/TaintTracking/callbacks.js 
@@ -35,8 +35,8 @@ function test() { provideTaint2(x => sink(x)); // NOT OK forwardTaint2(source(), x => sink(x)); // NOT OK - forwardTaint2("safe", x => sink(x)); // OK - + forwardTaint2("safe", x => sink(x)); // OK [INCONSISTENCY] + function helper1(x) { sink(x); // NOT OK return x; @@ -58,3 +58,18 @@ function test() { sink(x); // NOT OK }); } + +function forwardTaint3(x, cb) { + cb(x); // Same as 'forwardTaint' but copied to avoid interference between tests + cb(x); +} + +function forwardTaint4(x, cb) { + forwardTaint3(x, cb); // Same as 'forwardTaint2' but copied to avoid interference between tests + forwardTaint3(x, cb); +} + +function test2() { + forwardTaint4(source(), x => sink(x)); // NOT OK + forwardTaint4("safe", x => sink(x)); // OK +} diff --git a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js index af50e7523a9..ba792b889bf 100644 --- a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js +++ b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js 
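Review bot: in callbacks.js, the `[INCONSISTENCY]` added to `forwardTaint2("safe", x => sink(x))` has no reason attached, and the explanation only appears indirectly further down, where forwardTaint3 and forwardTaint4 are described as copied "to avoid interference between tests". If the false positive on that line comes from the other forwardTaint and forwardTaint2 calls in test() sharing the same helpers, say so on the annotated line and point to test2 as the isolated variant, where the same "safe" call is annotated plain OK.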
@@ -29,3 +29,256 @@ function confuse(x) { sink(confuse('safe')); // OK sink(confuse(source())); // NOT OK + +function test3(param) { + var x; + function one() { + x = param; + } + function two() { + one(); + return x; + } + return two(); +} + +sink(test3(source())); // NOT OK +sink(test3("safe")); // OK + +function test3a(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + return x; + } + return two(); +} + +sink(test3a(source())); // NOT OK +sink(test3a("safe")); // OK + +function test3b(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + one(); + return x; + } + return two(); +} + +sink(test3b(source())); // NOT OK +sink(test3b("safe")); // OK + +function test3c(param) { + function one() { + return param; + } + function two() { + return one(); + } + return two(); +} + +sink(test3c(source())); // NOT OK +sink(test3c("safe")); // OK + +function test4() { + var x = source(); + return () => x; +} +sink(test4()()); // NOT OK + +function test5(x) { + return () => x; +} +sink(test5(source())()); // NOT OK +sink(test5("safe")()); // OK + +function testEscape(x) { + function escapingFunction() { + sink(x); // NOT OK + } + global.doEscape(escapingFunction); +} +testEscape(source()); + +function testEscapeViaReturn(x) { + function escapingFunction() { + sink(x); // NOT OK + } + return escapingFunction; +} +global.doEscape(testEscapeViaReturn(source())); + +function ordering() { + var orderingTaint; + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK [INCONSISTENCY] + }); + global.addEventListener('load', () => { + orderingTaint = source(); + }); + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK + }); +} +ordering(); + +function makeSafe(x) { + console.log(x); + return "safe"; +} +function flowSensitiveParamUpdate(x) { + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveParamUpdate(source()); + 
+function flowSensitiveLocalUpdate() { + let x = source(); + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalUpdate(); + +function flowSensitiveLocalIncrement() { + let x = source(); + ++x; + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalIncrement(); + +function destructuredVarDecl(param) { + let { x } = param; + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredVarDecl({ x: source() }); + +function destructuredLocalAssignment(param) { + let x; + ({ x } = param); + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredLocalAssignment({ x: source() }); + +function destructuredParam({ x }) { + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredParam({ x: source() }); + +function destructuredLoop(data) { + for (let { x } of data) { + function inner() { + sink(x); // NOT OK + } + inner(); + } +} +destructuredLoop([{ x: source() }]); + + +function testPromise(arg) { + function transform(x) { + return { prop: x }; + } + class Foo { + updatePrVisibility(y) { + const { prop: variable } = transform(y); + this.exists(variable).then(() => { + transform(variable); + }); + } + exists(fileOrDir) { + return new Promise(resolve => fs.sink(fileOrDir, err => resolve(!err))); // NOT OK + } + } + new Foo().updatePrVisibility(arg); +} +testPromise(source()); + +function sinkInner() { + var x = "safe"; + console.log(x); + x = source(); + console.log(x); + function inner() { + sink(x); // NOT OK + } + inner(); +} +sinkInner(); + +function testObjectWithMethods(taint) { + const objectWithMethods = { + field: taint, + arrowFunction: () => { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // OK - refers to outer 'this' + }, + regularFunction() { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // NOT OK + }, + }; + objectWithMethods.functionAddedLater = function() { + 
sink(objectWithMethods.field); // NOT OK + sink(this.field); // NOT OK + }; + objectWithMethods.arrowFunction(); + objectWithMethods.regularFunction(); + objectWithMethods.functionAddedLater(); +} +testObjectWithMethods(source()); + +function captureThis() { + this.foo = source(); + window.addEventListener('click', () => { + sink(this.foo); // NOT OK + }); +} + +function CaptureThisWithoutJump(x) { + [1].forEach(() => { + this.foo = x; + }); + sink(this.foo); // NOT OK +} +sink(new CaptureThisWithoutJump(source()).foo); // NOT OK +sink(new CaptureThisWithoutJump('safe').foo); // OK + +function CaptureThisWithoutJump2(x) { + this.foo = x; + let y; + [1].forEach(() => y = this.foo); + return y; +} +sink(new CaptureThisWithoutJump2(source()).foo); // NOT OK +sink(new CaptureThisWithoutJump2('safe').foo); // OK diff --git a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js index c5991552787..049bf486e5c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js +++ b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js @@ -10,22 +10,36 @@ function JsClass(param) { this.taint = source(); } +class SubClass extends EcmaClass { + constructor(param) { + super(param); + } +} + function test() { let taint = source(); let c = new EcmaClass(taint); sink(c.param); // NOT OK sink(c.taint); // NOT OK - + let c_safe = new EcmaClass("safe"); sink(c_safe.param); // OK sink(c_safe.taint); // NOT OK - + let d = new JsClass(taint); sink(d.param); // NOT OK sink(d.taint); // NOT OK - + let d_safe = new JsClass("safe"); sink(d_safe.param); // OK sink(d_safe.taint); // NOT OK + + let e = new SubClass(taint); + sink(e.param); // NOT OK + sink(e.taint); // NOT OK + + let f_safe = new SubClass("safe"); + sink(f_safe.param); // OK + sink(f_safe.taint); // NOT OK } 
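Review bot: the new `SubClass` in constructor-calls.js only covers a subclass with an explicit constructor that forwards to `super(param)`; a subclass with no constructor at all (the implicit default constructor) is the more common shape and is not exercised by `test()`. Consider adding a second subclass without a `constructor` block and sinking its `.param` and `.taint` the same way. Minor: `f_safe` breaks the `c`/`c_safe`, `d`/`d_safe` naming pattern used above it; `e_safe` would match `let e = new SubClass(taint)`.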
diff --git a/javascript/ql/test/library-tests/TaintTracking/exceptions.js b/javascript/ql/test/library-tests/TaintTracking/exceptions.js index 72d822be9ad..6ada4f4fb50 100644 --- a/javascript/ql/test/library-tests/TaintTracking/exceptions.js +++ b/javascript/ql/test/library-tests/TaintTracking/exceptions.js @@ -23,7 +23,7 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { @@ -32,16 +32,16 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { throwError2(safe); } catch (e) { - sink(e); // NOT OK - sink(e.toString()); // NOT OK - sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e); // OK + sink(e.toString()); // OK + sink(e.message); // OK + sink(e.fileName); // OK } try { @@ -51,14 +51,14 @@ function test(unsafe, safe) { } throwAsync(source()).catch(e => { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK }); async function asyncTester() { try { await throwAsync(source()); } catch (e) { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK } } } diff --git a/javascript/ql/test/library-tests/TaintTracking/export-taint.js b/javascript/ql/test/library-tests/TaintTracking/export-taint.js new file mode 100644 index 00000000000..aa27847b64d --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/export-taint.js @@ -0,0 +1,4 @@ +export default { + taint: source(), + object: { taint: source() } +}; diff --git a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js index 4fae44d083c..677110e003a 100644 --- a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js 
+++ b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js @@ -50,7 +50,7 @@ function testFlowThroughGetter() { function getX(c) { return c.x; } - sink(getX(new C(source()))); // NOT OK - but not flagged + sink(getX(new C(source()))); // NOT OK getX(null); } @@ -67,7 +67,7 @@ function testFlowThroughObjectLiteralAccessors() { obj.y = source(); function indirection(c) { - sink(c.x); // NOT OK - but not currently flagged + sink(c.x); // NOT OK - but not currently flagged [INCONSISTENCY] } indirection(obj); indirection(null); diff --git a/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js new file mode 100644 index 00000000000..5fb230ee7b6 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js @@ -0,0 +1,11 @@ +import 'dummy'; + +function Foo() { + this.foo = source(); + var obj = { + bar: function() { + sink(this.foo); // NOT OK + } + }; + Object.assign(this, obj); +} diff --git a/javascript/ql/test/library-tests/TaintTracking/import-taint.js b/javascript/ql/test/library-tests/TaintTracking/import-taint.js new file mode 100644 index 00000000000..3b4e0fff59f --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/import-taint.js @@ -0,0 +1,16 @@ +import 'dummy'; + +async function test1() { + let mod = await import("./export-taint"); + sink(mod); // OK + sink(mod.taint); // NOT OK + sink(mod.object.taint); // NOT OK [INCONSISTENCY] - blocked by access path limit +} + +function test2() { + import("./export-taint").then(mod => { + sink(mod); // OK + sink(mod.taint); // NOT OK + sink(mod.object.taint); // NOT OK [INCONSISTENCY] - blocked by access path limit + }); +} diff --git a/javascript/ql/test/library-tests/TaintTracking/nested-props.js b/javascript/ql/test/library-tests/TaintTracking/nested-props.js index a5ea3cc248b..e3878b1a185 100644 --- a/javascript/ql/test/library-tests/TaintTracking/nested-props.js 
+++ b/javascript/ql/test/library-tests/TaintTracking/nested-props.js @@ -57,7 +57,7 @@ function doLoadLoad(obj) { } function storeBackloadCallLoadLoadReturn(obj) { obj.x.y = source(); - sink(doLoadStore(obj)); // NOT OK - but not found + sink(doLoadStore(obj)); // NOT OK - but not found [INCONSISTENCY] } function doStoreReturn(val) { diff --git a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js index 129b3ed7b32..bc12c0162b6 100644 --- a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js +++ b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js @@ -20,12 +20,12 @@ function useTaintedValue(x) { function useTaintedObject(obj) { if (isSafe(obj)) { sink(obj); // OK - sink(obj.foo); // NOT OK + sink(obj.foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } sink(sanitizer_id(obj)); // OK sink(sanitizer_id(obj.foo)); // OK - sink(sanitizer_id(obj).foo); // NOT OK + sink(sanitizer_id(obj).foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } function test() { diff --git a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js index e673538005c..1fc61e96ffd 100644 --- a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js +++ b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js @@ -42,7 +42,7 @@ function test() { let taintGetter = id.bind(null, taint); sink(taintGetter); // OK - this is a function object - sink(taintGetter()); // NOT OK - but not currently detected + sink(taintGetter()); // NOT OK - but not currently detected [INCONSISTENCY] function safearray(x) { sink(x); // OK diff --git a/javascript/ql/test/library-tests/TaintTracking/promise.js b/javascript/ql/test/library-tests/TaintTracking/promise.js index 9714d258df5..6401cd971a2 100644 
--- a/javascript/ql/test/library-tests/TaintTracking/promise.js +++ b/javascript/ql/test/library-tests/TaintTracking/promise.js @@ -10,5 +10,35 @@ function closure() { sink(Promise.resolve(source())); // NOT OK let resolver = Promise.withResolver(); resolver.resolve(source()); - sink(resolver.promise); // NOT OK -} \ No newline at end of file + sink(resolver.promise); // NOT OK [INCONSISTENCY] - flow summary for withResolver() currently not working +} + +function exceptionThroughThen() { + return new Promise((resolve, reject) => { + reject(new Error(source())); + }) + .then(x => "safe") + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} + +function exceptionThroughThen2() { + return new Promise((resolve, reject) => { + resolve("safe") + }) + .then(x => { + throw new Error(source()) + }) + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} + +function promiseAllTaint() { + sink(Promise.all(source())); // NOT OK +} diff --git a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js index 8aaa9fd24e2..14f4139ca08 100644 --- a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js +++ b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js @@ -1,8 +1,8 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (isSafe(x)) { sink(x); // OK } @@ -18,7 +18,7 @@ class C { sink(this.x); // OK addEventListener('hey', () => { - sink(this.x); // OK - but still flagged + sink(this.x); // OK - but still flagged [INCONSISTENCY] }); } @@ -61,7 +61,7 @@ function phi() { } else { x = null; } - sink(x); // OK + sink(x); // OK [INCONSISTENCY] - dataflow2 cannot block the phi edge } function phi2() { 
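Review bot: in `phi()` the expectation on `sink(x)` goes from a plain `// OK` to `// OK [INCONSISTENCY] - dataflow2 cannot block the phi edge`, which records a new false positive for a sanitizer-guard case that was passing before. The reason given relies on an internal name ("dataflow2") that the test file does not explain. Please spell out which guard fails to apply at the merge point and whether this is meant to be fixed later, so the annotation is not read as the intended behaviour.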
@@ -77,13 +77,13 @@ function phi2() { function falsy() { let x = source(); - + sink(x); // NOT OK - + if (x) { - sink(x); // OK (for taint-tracking) + sink(x); // NOT OK (for taint-tracking) } else { - sink(x); // NOT OK + sink(x); // OK } } diff --git a/javascript/ql/test/library-tests/TaintTracking/spread.js b/javascript/ql/test/library-tests/TaintTracking/spread.js index 1a2939b6f1d..34bbb943253 100644 --- a/javascript/ql/test/library-tests/TaintTracking/spread.js +++ b/javascript/ql/test/library-tests/TaintTracking/spread.js @@ -1,9 +1,26 @@ +import 'dummy'; + function test() { let taint = source(); - + sink({ ...taint }); // NOT OK sink({ f: 'hello', ...taint, g: 'world' }); // NOT OK sink([ ...taint ]); // NOT OK sink([ 1, 2, ...taint, 3 ]); // NOT OK + + fn1(...['x', taint, 'z']); + fn2.apply(undefined, ['x', taint, 'z']); +} + +function fn1(x, y, z) { + sink(x); + sink(y); // NOT OK + sink(z); +} + +function fn2(x, y, z) { + sink(x); + sink(y); // NOT OK + sink(z); } diff --git a/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js new file mode 100644 index 00000000000..a17bd43aa69 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js @@ -0,0 +1,31 @@ +import 'dummy'; + +function makeObject() { + return { + foo: { + bar: { + baz: source() + } + } + }; +} + +function test() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK +} + +function testCapture() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK - use-use flow should not see the effects of the implicit read in JSON.stringify + + function capture() { + object; + } +} 
diff --git a/javascript/ql/test/library-tests/TaintTracking/tst.js b/javascript/ql/test/library-tests/TaintTracking/tst.js index 8fbc5e525bd..7b8e1c8b4bc 100644 --- a/javascript/ql/test/library-tests/TaintTracking/tst.js +++ b/javascript/ql/test/library-tests/TaintTracking/tst.js @@ -14,7 +14,7 @@ function test() { sink(x.sort()); // NOT OK var a = []; - sink(a); // NOT OK (flow-insensitive treatment of `a`) + sink(a); // OK a.push(x); sink(a); // NOT OK @@ -76,12 +76,12 @@ function test() { { const grouped = Map.groupBy(x, (item) => sink(item)); // NOT OK - sink(grouped); // NOT OK + sink(grouped.get(unknown())); // NOT OK } { const list = [source()]; const grouped = Map.groupBy(list, (item) => sink(item)); // NOT OK - sink(grouped); // NOT OK + sink(grouped.get(unknown())); // NOT OK } { const data = source(); diff --git a/javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js b/javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js new file mode 100644 index 00000000000..73e433deb39 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js @@ -0,0 +1,17 @@ +import 'dummy'; + +function f(x) { + let captured; + function inner() { captured; captured = "sdf"; } + + captured = [source(), "safe", x]; + sink(captured); // NOT OK - implicit read of ArrayElement + g.apply(undefined, captured); // with use-use flow the output of an implicit read might flow here + + return captured; +} + +function g(x, y) { + sink(x); // NOT OK + sink(y); // OK +} diff --git a/javascript/ql/test/library-tests/TaintedUrlSuffix/test.expected b/javascript/ql/test/library-tests/TaintedUrlSuffix/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/javascript/ql/test/library-tests/TaintedUrlSuffix/test.ql b/javascript/ql/test/library-tests/TaintedUrlSuffix/test.ql new file mode 100644 index 00000000000..6d3dc86505c --- /dev/null 
+++ b/javascript/ql/test/library-tests/TaintedUrlSuffix/test.ql @@ -0,0 +1,51 @@ +import javascript +import utils.test.InlineExpectationsTest +import semmle.javascript.security.TaintedUrlSuffix + +module TestConfig implements DataFlow::StateConfigSig { + import semmle.javascript.security.CommonFlowState + + predicate isSource(DataFlow::Node node, FlowState state) { + node = TaintedUrlSuffix::source() and state.isTaintedUrlSuffix() + or + node instanceof RemoteFlowSource and + not node = TaintedUrlSuffix::source() and + state.isTaint() + } + + predicate isSink(DataFlow::Node node, FlowState state) { none() } + + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call | + call.getCalleeName() = "sink" and + node = call.getArgument(0) + ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + TaintedUrlSuffix::isAdditionalFlowStep(node1, state1, node2, state2) + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { + TaintedUrlSuffix::isStateBarrier(node, state) + } +} + +module TestFlow = TaintTracking::GlobalWithState; + +module InlineTest implements TestSig { + string getARelevantTag() { result = "flow" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "flow" and + exists(TestFlow::PathNode src, TestFlow::PathNode sink | TestFlow::flowPath(src, sink) | + sink.getLocation() = location and + element = "" and + value = sink.getState().toString() + ) + } +} + +import MakeTest diff --git a/javascript/ql/test/library-tests/TaintedUrlSuffix/tst.js b/javascript/ql/test/library-tests/TaintedUrlSuffix/tst.js new file mode 100644 index 00000000000..0c755ac6512 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintedUrlSuffix/tst.js 
@@ -0,0 +1,22 @@ +import 'dummy'; + +function t1() { + const href = window.location.href; + + sink(href); // $ flow=tainted-url-suffix + + sink(href.split('#')[0]); // could be 'tainted-url-suffix', but omitted due to FPs from URI-encoding + sink(href.split('#')[1]); // $ flow=taint + sink(href.split('#').pop()); // $ flow=taint + sink(href.split('#')[2]); // $ MISSING: flow=taint // currently the split() summary only propagates to index 1 + + sink(href.split('?')[0]); + sink(href.split('?')[1]); // $ flow=taint + sink(href.split('?').pop()); // $ flow=taint + sink(href.split('?')[2]); // $ MISSING: flow=taint + + sink(href.split(blah())[0]); // $ flow=tainted-url-suffix + sink(href.split(blah())[1]); // $ flow=tainted-url-suffix + sink(href.split(blah()).pop()); // $ flow=tainted-url-suffix + sink(href.split(blah())[2]); // $ flow=tainted-url-suffix +} diff --git a/javascript/ql/test/library-tests/TripleDot/arrays.js b/javascript/ql/test/library-tests/TripleDot/arrays.js new file mode 100644 index 00000000000..0a18066eb76 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/arrays.js @@ -0,0 +1,22 @@ +import 'dummy'; + +function shiftKnown() { + let array = [source('shift.1'), source('shift.2')]; + sink(array.shift()); // $ hasValueFlow=shift.1 + sink(array.shift()); // $ SPURIOUS: hasValueFlow=shift.1 MISSING: hasValueFlow=shift.2 +} + +function shiftUnknown() { + const array = new Array(Math.floor(Math.random() * 10)); + array.push(source('shift.unkn')); + sink(array.shift()); // $ hasValueFlow=shift.unkn + sink(array.shift()); // $ hasValueFlow=shift.unkn + sink(array.shift()); // $ hasValueFlow=shift.unkn +} + +function shiftTaint() { + const array = source('shift.directly-tainted'); + sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted + sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted + sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted +} 
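Review bot: in `shiftKnown()` in TripleDot/arrays.js the second `sink(array.shift())` is annotated `SPURIOUS: hasValueFlow=shift.1 MISSING: hasValueFlow=shift.2` with no reason given. Other known imprecisions in this patch carry a short explanation (for example "currently the split() summary only propagates to index 1" in TaintedUrlSuffix/tst.js). A one-line comment saying why `shift()` does not move the known elements down an index would make clear this is an accepted limitation rather than an oversight.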
diff --git a/javascript/ql/test/library-tests/TripleDot/exceptions.js b/javascript/ql/test/library-tests/TripleDot/exceptions.js new file mode 100644 index 00000000000..241e6aca55d --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/exceptions.js @@ -0,0 +1,81 @@ +import 'dummy'; + +function e1() { + let array = [source('e1.1')]; + try { + array.forEach(x => { + throw x; + }); + array.forEach(x => { + throw source('e1.2'); + }); + array.forEach(() => { + throw source('e1.3'); // Same as e1.2 but without callback parameters + }); + } catch (err) { + sink(err); // $ hasValueFlow=e1.2 hasValueFlow=e1.3 hasValueFlow=e1.1 + } +} + +function e2() { + let array = [source('e2.1')]; + try { + array.unknown(x => { + throw x; + }); + array.unknown(x => { + throw source('e2.2'); + }); + } catch (err) { + sink(err); // $ hasValueFlow=e2.2 + } +} + +function e3() { + const events = getSomething(); + try { + events.addEventListener('click', () =>{ + throw source('e3.1'); + }); + events.addListener('click', () =>{ + throw source('e3.2'); + }); + events.on('click', () =>{ + throw source('e3.3'); + }); + events.unknownMethod('click', () =>{ + throw source('e3.4'); + }); + } catch (err) { + sink(err); // $ hasValueFlow=e3.4 + } +} + +function e4() { + function thrower(array) { + array.forEach(x => { throw x }); + } + try { + thrower([source("e4.1")]); + } catch (e) { + sink(e); // $ hasValueFlow=e4.1 + } + try { + thrower(["safe"]); + } catch (e) { + sink(e); + } +} + +async function e5() { + try { + Promise.resolve(0).finally(() => { + throw source("e5.1"); + }); + await Promise.resolve(0).finally(() => { + throw source("e5.2"); + }); + } catch (e) { + sink(e); // $ hasValueFlow=e5.2 + } +} diff --git a/javascript/ql/test/library-tests/TripleDot/iife.js b/javascript/ql/test/library-tests/TripleDot/iife.js new file mode 100644 index 00000000000..1697ce8d334 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/iife.js 
@@ -0,0 +1,82 @@ +function f1() { + function inner(x) { + return (function(p) { + return p; // argument to return + })(x); + } + sink(inner(source("f1.1"))); // $ hasValueFlow=f1.1 + sink(inner(source("f1.2"))); // $ hasValueFlow=f1.2 +} + +function f2() { + function inner(x) { + let y; + (function(p) { + y = p; // parameter to captured variable + })(x); + return y; + } + sink(inner(source("f2.1"))); // $ hasValueFlow=f2.1 + sink(inner(source("f2.2"))); // $ hasValueFlow=f2.2 +} + +function f3() { + function inner(x) { + return (function() { + return x; // captured variable to return + })(); + } + sink(inner(source("f3.1"))); // $ hasValueFlow=f3.1 + sink(inner(source("f3.2"))); // $ hasValueFlow=f3.2 +} + +function f4() { + function inner(x) { + let y; + (function() { + y = x; // captured variable to captured variable + })(); + return y; + } + sink(inner(source("f4.1"))); // $ hasValueFlow=f4.1 + sink(inner(source("f4.2"))); // $ hasValueFlow=f4.2 +} + +function f5() { + function inner(x) { + let y; + function nested(p) { + y = p; + } + nested(x); + return y; + } + sink(inner(source("f5.1"))); // $ hasValueFlow=f5.1 + sink(inner(source("f5.2"))); // $ hasValueFlow=f5.2 +} + +function f6() { + function inner(x) { + let y; + function nested(p) { + y = p; + } + (nested)(x); // same as f5, except the callee is parenthesised here + return y; + } + sink(inner(source("f6.1"))); // $ hasValueFlow=f6.1 + sink(inner(source("f6.2"))); // $ hasValueFlow=f6.2 +} + +function f7() { + function inner(x) { + let y; + let nested = (function (p) { + y = p; + }); + nested(x); // same as f5, except the function definition is parenthesised + return y; + } + sink(inner(source("f7.1"))); // $ hasValueFlow=f7.1 + sink(inner(source("f7.2"))); // $ hasValueFlow=f7.2 +} diff --git a/javascript/ql/test/library-tests/TripleDot/test.expected b/javascript/ql/test/library-tests/TripleDot/test.expected new file mode 100644 index 00000000000..e69de29bb2d 
diff --git a/javascript/ql/test/library-tests/TripleDot/test.ql b/javascript/ql/test/library-tests/TripleDot/test.ql new file mode 100644 index 00000000000..5d9dff62287 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/test.ql @@ -0,0 +1,3 @@ +import javascript +import utils.test.InlineFlowTest +import DefaultFlowTest diff --git a/javascript/ql/test/library-tests/TripleDot/tst.js b/javascript/ql/test/library-tests/TripleDot/tst.js new file mode 100644 index 00000000000..6f776264e84 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/tst.js 
@@ -0,0 +1,174 @@ +import 'dummy'; + +function t1() { + function target(...rest) { + sink(rest[0]); // $ hasValueFlow=t1.1 + sink(rest[1]); // $ hasValueFlow=t1.2 + sink(rest.join(',')); // $ hasTaintFlow=t1.1 hasTaintFlow=t1.2 + } + target(source('t1.1'), source('t1.2')); +} + +function t2() { + function target(x, ...rest) { + sink(x); // $ hasValueFlow=t2.1 + sink(rest.join(',')); // $ hasTaintFlow=t2.2 hasTaintFlow=t2.3 + } + target(source('t2.1'), source('t2.2'), source('t2.3')); +} + +function t3() { + function finalTarget(x, y, z) { + sink(x); // $ hasValueFlow=t3.1 + sink(y); // $ hasValueFlow=t3.2 + sink(z); // $ hasValueFlow=t3.3 + } + function target(...rest) { + finalTarget(...rest); + } + target(source('t3.1'), source('t3.2'), source('t3.3')); +} + +function t4() { + function finalTarget(w, x, y, z) { + sink(w); // $ hasValueFlow=t4.0 + sink(x); // $ hasValueFlow=t4.1 + sink(y); // $ hasValueFlow=t4.2 + sink(z); // $ hasValueFlow=t4.3 + } + function target(...rest) { + finalTarget(source('t4.0'), ...rest); + } + target(source('t4.1'), source('t4.2'), source('t4.3')); +} + +function t5() { + function finalTarget(w, x, y, z) { + sink(w); // $ hasValueFlow=t5.0 + sink(x); // $ hasValueFlow=t5.1 + sink(y); // $ hasValueFlow=t5.2 + sink(z); // $ hasValueFlow=t5.3 + } + function target(array) { + finalTarget(source('t5.0'), ...array); + } + target([source('t5.1'), source('t5.2'), source('t5.3')]); +} + +function t6() { + function target(x) { + sink(x); // $ hasValueFlow=t6.1 + sink(arguments[0]);// $ hasValueFlow=t6.1 + sink(arguments[1]);// $ hasValueFlow=t6.2 + sink(arguments[2]);// $ hasValueFlow=t6.3 + } + target(source('t6.1'), source('t6.2'), source('t6.3')); +} + +function t7() { + function finalTarget(x, y, z) { + sink(x); // $ hasValueFlow=t7.1 + sink(y); // $ hasValueFlow=t7.2 + sink(z); // $ hasValueFlow=t7.3 + } + function target() { + finalTarget(...arguments); + } + target(source('t7.1'), source('t7.2'), source('t7.3')); +} + +function t8() { + 
function finalTarget(x, y, z) { + sink(x); // $ hasValueFlow=t8.1 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4 + sink(y); // $ hasValueFlow=t8.2 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4 + sink(z); // $ hasValueFlow=t8.3 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4 + } + function target(array1, array2) { + finalTarget(...array1, ...array2); + } + target([source('t8.1'), source('t8.2')], [source('t8.3'), source('t8.4')]); +} + +function t9() { + function finalTarget(x, y, z) { + sink(x); // $ hasValueFlow=t9.1 + sink(y); // $ hasValueFlow=t9.2 + sink(z); // $ hasValueFlow=t9.3 + } + function target() { + finalTarget.apply(undefined, arguments); + } + target(source('t9.1'), source('t9.2'), source('t9.3')); +} + +function t10() { + function finalTarget(x, y, z) { + sink(x); // $ hasValueFlow=t10.1 + sink(y); // $ hasValueFlow=t10.2 + sink(z); // $ hasValueFlow=t10.3 + } + function target(...rest) { + finalTarget.apply(undefined, rest); + } + target(source('t10.1'), source('t10.2'), source('t10.3')); +} + +function t11() { + function target(x, y) { + sink(x); // $ hasTaintFlow=t11.1 + sink(y); // $ hasTaintFlow=t11.1 + } + target(...source('t11.1')); +} + +function t12() { + function target(x, y) { + sink(x); // $ SPURIOUS: hasTaintFlow=t12.1 + sink(y); // $ hasTaintFlow=t12.1 + } + target("safe", ...source('t12.1')); +} + +function t13() { + function target(x, y, ...rest) { + sink(x); // $ SPURIOUS: hasTaintFlow=t13.1 + sink(y); // $ hasTaintFlow=t13.1 + sink(rest); // $ hasTaintFlow=t13.1 + sink(rest[0]); // $ hasTaintFlow=t13.1 + } + target("safe", ...source('t13.1')); +} + +function t14() { + function target(x, y, ...rest) { + sink(x); // $ hasValueFlow=t14.1 + sink(y); // $ hasValueFlow=t14.1 + sink(rest.pop()); // $ hasValueFlow=t14.1 + sink(rest); // $ hasTaintFlow=t14.1 + } + const args = new Array(Math.floor(Math.random() * 10)); + args.push(source('t14.1')); + target(...args); +} + +function t15() { + function target(safe, x, y, ...rest) { + sink(safe); 
// $ SPURIOUS: hasValueFlow=t15.1 + sink(x); // $ hasValueFlow=t15.1 + sink(y); // $ hasValueFlow=t15.1 + sink(rest.pop()); // $ hasValueFlow=t15.1 + sink(rest); // $ hasTaintFlow=t15.1 + } + const args = new Array(Math.floor(Math.random() * 10)); + args.push(source('t15.1')); + target('safe', ...args); +} + +function t16() { + let array = new Array(Math.floor(Math.random() * 10)) + array.push(source("t16.1")); + sink(array[0]); // $ hasValueFlow=t16.1 + sink(array[1]); // $ hasValueFlow=t16.1 + sink(array[2]); // $ hasValueFlow=t16.1 + sink(array); // $ hasTaintFlow=t16.1 +} diff --git a/javascript/ql/test/library-tests/TripleDot/useuse.js b/javascript/ql/test/library-tests/TripleDot/useuse.js new file mode 100644 index 00000000000..eb862d0f7b7 --- /dev/null +++ b/javascript/ql/test/library-tests/TripleDot/useuse.js 
@@ -0,0 +1,177 @@ +import 'dummy'; + +function t1() { + const obj = {}; + + sink(obj.field); + + obj.field = source('t1.1'); + sink(obj.field); // $ hasValueFlow=t1.1 + + obj.field = "safe"; + sink(obj.field); // $ SPURIOUS: hasValueFlow=t1.1 + + obj.field = source('t1.2'); + sink(obj.field); // $ hasValueFlow=t1.2 SPURIOUS: hasValueFlow=t1.1 +} + +function t2() { + let obj; + + if (Math.random()) { + obj = {}; + sink(obj.field); + } else { + obj = {}; + obj.field = source('t2.1'); + sink(obj.field); // $ hasValueFlow=t2.1 + } + sink(obj.field); // $ hasValueFlow=t2.1 +} + +function t3() { + function inner(obj) { + sink(obj.foo); // $ hasValueFlow=t3.2 hasValueFlow=t3.1 + } + + inner({foo: source('t3.1')}); + + let obj = {}; + obj.foo = source('t3.2'); + inner(obj); +} + +function t4() { + class C { + constructor(x) { + this.foo = x; + sink(this.foo); // $ hasValueFlow=t4.1 + } + } + const c = new C(source('t4.1')); + sink(c.foo); // $ hasValueFlow=t4.1 +} + +function t5() { + class C { + field = source('t5.1') + constructor() { + sink(this.field); // $ hasValueFlow=t5.1 + } + } + const c = new C(); + sink(c.field); // $ hasValueFlow=t5.1 +} + + +function t6() { + function invoke(fn) { + fn(); + } + class C { + constructor(x, y) { + this.x = x; + invoke(() => { + this.y = y; + }); + + sink(this.x); // $ hasValueFlow=t6.1 + sink(this.y); // $ hasValueFlow=t6.2 + + invoke(() => { + sink(this.x); // $ hasValueFlow=t6.1 + sink(this.y); // $ hasValueFlow=t6.2 + }); + + this.methodLike = function() { + sink(this.x); // $ hasValueFlow=t6.1 + sink(this.y); // $ hasValueFlow=t6.2 + } + } + } + const c = new C(source('t6.1'), source('t6.2')); + sink(c.x); // $ hasValueFlow=t6.1 + sink(c.y); // $ hasValueFlow=t6.2 + c.methodLike(); +} + +function t7() { + class Base { + constructor(x) { + this.field = x; + sink(this.field); // $ hasTaintFlow=t7.1 + } + } + class Sub extends Base { + constructor(x) { + super(x + '!'); + sink(this.field); // $ hasTaintFlow=t7.1 + } + } + const 
c = new Sub(source('t7.1')); + sink(c.field); // $ hasTaintFlow=t7.1 +} + +function t8() { + function foo(x) { + const obj = {}; + obj.field = x; + + sink(obj.field); // $ hasTaintFlow=t8.1 + + if (obj) { + sink(obj.field); // $ hasTaintFlow=t8.1 + } else { + sink(obj.field); + } + + if (!obj) { + sink(obj.field); + } else { + sink(obj.field); // $ hasTaintFlow=t8.1 + } + + if (!obj || !obj) { + sink(obj.field); + } else { + sink(obj.field); // $ hasTaintFlow=t8.1 + } + } + + // The guards used above are specific to taint-tracking, to ensure only taint flows in + const taint = source('t8.1') + ' taint'; + foo(taint); +} + +function t9() { // same as t8 but with a SanitizerGuard that isn't just a variable access + function foo(x) { + const obj = {}; + obj.field = x; + + sink(obj.field); // $ hasTaintFlow=t9.1 + + if (typeof obj !== "undefined") { + sink(obj.field); // $ hasTaintFlow=t9.1 + } else { + sink(obj.field); + } + + if (typeof obj === "undefined") { + sink(obj.field); + } else { + sink(obj.field); // $ hasTaintFlow=t9.1 + } + + if (typeof obj === "undefined" || typeof obj === "undefined") { + // The shared SSA library expects short-circuiting operators be pre-order in the CFG, + // but in JS they are post-order (as per evaluation order). + sink(obj.field); // $ SPURIOUS: hasTaintFlow=t9.1 + } else { + sink(obj.field); // $ hasTaintFlow=t9.1 + } + } + + // The guards used above are specific to taint-tracking, to ensure only taint flows in + const taint = source('t9.1') + ' taint'; + foo(taint); +} diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected index 4299e997ca8..d891fe49179 100644 --- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected 
@@ -1,3 +1,4 @@ +legacyDataFlowDifference dataFlowModuleImports | ./esDefaultExport | tst.ts:1:26:1:53 | require ... xport') | | ./esNamedExports | tst.ts:2:18:2:44 | require ... ports') | @@ -29,4 +30,4 @@ resolution | tst.ts:10:1:10:20 | new NodeFullExport() | nodeFullExport.ts:3:18:3:40 | class N ... port {} | tst.ts | NodeFullExport | nodeFullExport.ts | | tst.ts:11:1:11:31 | new nod ... xport() | nodeNamedExport.ts:3:27:3:50 | class N ... port {} | tst.ts | NodeNamedExport | nodeNamedExport.ts | taint -| test taint config | taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | +| taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql index c7bc1929209..839ba2c560b 100644 --- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql 
@@ -38,18 +38,26 @@ query predicate resolution( klassFile = klass.getFile().getBaseName() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "test taint config" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSource").getACall() } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSink").getACall().getArgument(0) } } -query predicate taint(TaintConfig cfg, DataFlow::Node source, DataFlow::Node sink) { - cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +query predicate taint = TestFlow::flow/2; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.expected b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.expected new file mode 100644 index 00000000000..e1481d55a80 --- /dev/null +++ b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.expected @@ -0,0 +1 @@ +| pass | diff --git a/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.ql b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.ql new file mode 100644 index 00000000000..51ed46ac655 --- /dev/null +++ b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.ql 
@@ -0,0 +1,19 @@ +/** + * Test that fails with a compilation error if `getACallSimple` depends on the call graph. + * To do this, we add a negative dependency from the call graph to `getACallSimple`. + */ + +import javascript +import semmle.javascript.dataflow.internal.StepSummary +import semmle.javascript.dataflow.FlowSummary + +class NegativeDependency extends DataFlow::SharedTypeTrackingStep { + override predicate step(DataFlow::Node node1, DataFlow::Node node2) { + exists(SummarizedCallable callable | + not exists(callable.getACallSimple()) and + node1 = node2 + ) + } +} + +select "pass" diff --git a/javascript/ql/test/library-tests/TypeTracking2/summaries.js b/javascript/ql/test/library-tests/TypeTracking2/summaries.js new file mode 100644 index 00000000000..1550ded19f4 --- /dev/null +++ b/javascript/ql/test/library-tests/TypeTracking2/summaries.js 
@@ -0,0 +1,55 @@ +function m0() { + const x = source("m0.1"); + sink(x); // $ track=m0.1 +} + +function m1() { + const fn = mkSummary("Argument[0]", "ReturnValue"); + const obj = source("m1.1"); + sink(fn(obj)); // $ track=m1.1 + sink(fn(obj.p)); + sink(fn(obj).p); + sink(fn({ p: obj })); + sink(fn({ p: obj }).q); +} + +function m2() { + const fn = mkSummary("Argument[0].Member[p]", "ReturnValue"); + const obj = source("m2.1"); + sink(fn(obj)); + sink(fn(obj.p)); + sink(fn(obj).p); + sink(fn({ p: obj })); // $ track=m2.1 + sink(fn({ p: obj }).q); +} + +function m3() { + const fn = mkSummary("Argument[0]", "ReturnValue.Member[p]"); + const obj = source("m3.1"); + sink(fn(obj)); + sink(fn(obj.p)); + sink(fn(obj).p); // $ track=m3.1 + sink(fn({ p: obj })); + sink(fn({ p: obj }).q); +} + + +function m4() { + const fn = mkSummary("Argument[0].Member[p]", "ReturnValue.Member[q]"); + const obj = source("m4.1"); + sink(fn(obj)); + sink(fn(obj.p)); + sink(fn(obj).p); + sink(fn({ p: obj })); + sink(fn({ p: obj }).q); // $ track=m4.1 +} + +function m5() { + // Store and read to a property that isn't mentioned anywhere in the source code. + const store = mkSummary("Argument[0]", "ReturnValue.Member[propOnlyMentionedInSummary]"); + const read = mkSummary("Argument[0].Member[propOnlyMentionedInSummary]", "ReturnValue"); + sink(read(store(source("m5.1")))); // $ track=m5.1 + sink(read(source("m5.1"))); + sink(store(source("m5.1"))); + sink(store(read(source("m5.1")))); +} diff --git a/javascript/ql/test/library-tests/TypeTracking2/test.expected b/javascript/ql/test/library-tests/TypeTracking2/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/javascript/ql/test/library-tests/TypeTracking2/test.ql b/javascript/ql/test/library-tests/TypeTracking2/test.ql new file mode 100644 index 00000000000..5f79d18a0e4 --- /dev/null +++ b/javascript/ql/test/library-tests/TypeTracking2/test.ql 
@@ -0,0 +1,39 @@ +import javascript +import utils.test.InlineSummaries +import utils.test.InlineExpectationsTest + +private DataFlow::SourceNode typeTrack(DataFlow::TypeTracker t, string name) { + t.start() and + exists(DataFlow::CallNode call | + call.getCalleeName() = "source" and + name = call.getArgument(0).getStringValue() and + result = call + ) + or + exists(DataFlow::TypeTracker t2 | result = typeTrack(t2, name).track(t2, t)) +} + +DataFlow::SourceNode typeTrack(string name) { + result = typeTrack(DataFlow::TypeTracker::end(), name) +} + +module TestConfig implements TestSig { + string getARelevantTag() { result = "track" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + element = "" and + tag = "track" and + exists(DataFlow::CallNode call, DataFlow::Node arg | + call.getCalleeName() = "sink" and + arg = call.getArgument(0) and + typeTrack(value).flowsTo(arg) and + location = arg.getLocation() + ) + } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + none() + } +} + +import MakeTest diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected index f09f0aed3b4..acf97ab947e 100644 --- a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference pipeRef | source.component.html:3:22:3:32 | unknownPipe | | source.component.html:4:22:4:32 | unknownPipe | diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql index 5ff99611121..140ae675a77 100644 --- a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql 
@@ -14,21 +14,31 @@ query Angular2::PipeClass pipeClass() { any() } query DataFlow::Node pipeClassRef(Angular2::PipeClass cls) { result = cls.getAPipeRef() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "TaintConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } } +module TestFlow = TaintTracking::Global; + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(TaintConfig c).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) { attrib.getName() = "[testAttr]" and top = attrib.getCodeInAttribute() } + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected index 2c2b8fec2cc..168f5ec5ace 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected +++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected 
@@ -1,8 +1,10 @@ -| each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item | -| map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item | +legacyDataFlowDifference +| each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item | only flow with OLD data flow library | +| map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item | only flow with OLD data flow library | +| map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result | only flow with OLD data flow library | +| sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result | only flow with OLD data flow library | +#select | map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result | -| map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result | -| sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result | | waterfall.js:8:30:8:37 | source() | waterfall.js:11:12:11:16 | taint | | waterfall.js:8:30:8:37 | source() | waterfall.js:20:10:20:14 | taint | | waterfall.js:28:18:28:25 | source() | waterfall.js:39:10:39:12 | err | diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql index 7d591e1b48b..d744d55d28a 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql +++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql 
@@ -2,14 +2,24 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } - - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node src, DataFlow::Node sink +where TestFlow::flow(src, sink) select src, sink diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.expected b/javascript/ql/test/library-tests/frameworks/Collections/test.expected index 9baf749a831..db33c8d3f86 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.expected 
@@ -1,19 +1,4 @@ -dataFlow -| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | -| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | -| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | -| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | -| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +legacyDataFlowDifference typeTracking | tst.js:2:16:2:23 | source() | tst.js:2:16:2:23 | source() | | tst.js:2:16:2:23 | source() | tst.js:6:14:6:14 | e | 
@@ -31,3 +16,19 @@ typeTracking | tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | | tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | | tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +dataFlow +| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | +| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | +| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | +| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | +| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.ql b/javascript/ql/test/library-tests/frameworks/Collections/test.ql index 9e3561fa844..0b12b72cf11 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.ql 
@@ -1,21 +1,29 @@ import javascript -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +query predicate dataFlow = TestFlow::flow/2; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + DataFlow::SourceNode trackSource(DataFlow::TypeTracker t, DataFlow::SourceNode start) { t.start() and result.(DataFlow::CallNode).getCalleeName() = "source" and diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected index 932f4ea6d43..2550bfedb05 100644 --- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:10:10:10:15 | source | | tst.js:15:10:15:13 | f1() | | tst.js:20:10:20:24 | lcompose1(f2)() | diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql index d303fba17c9..ba69ac34ce5 100644 
--- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/immutable.js b/javascript/ql/test/library-tests/frameworks/Immutable/immutable.js index 78104b6a20a..7a6e87753a9 100644 --- a/javascript/ql/test/library-tests/frameworks/Immutable/immutable.js +++ b/javascript/ql/test/library-tests/frameworks/Immutable/immutable.js 
@@ -55,4 +55,7 @@ Set.of(source()).filter(x => true).toList().forEach(x => sink(x)); // NOT OK Set([source()]).filter(x => true).toList().forEach(x => sink(x)); // NOT OK -OrderedSet([source()]).filter(x => true).toList().forEach(x => sink(x)); // NOT OK \ No newline at end of file +OrderedSet([source()]).filter(x => true).toList().forEach(x => sink(x)); // NOT OK + +x.d; // ensure 'd' property exists +x.f; // ensure 'f' property exists diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected index 6edc4ee1a96..e071504bfcf 100644 --- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +dataFlow | immutable.js:1:16:1:26 | source("a") | immutable.js:2:6:2:13 | obj["a"] | | immutable.js:1:16:1:26 | source("a") | immutable.js:11:6:11:18 | map1.get("a") | | immutable.js:1:16:1:26 | source("a") | immutable.js:12:6:12:18 | map2.get("a") | diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql index 58d12ea774f..8018bf39e02 100644 --- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql 
@@ -1,18 +1,26 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +query predicate dataFlow = TestFlow::flow/2; + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql b/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql index 45180e70a5f..19b791edf23 100644 --- a/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql +++ b/javascript/ql/test/library-tests/frameworks/Nest/Consistency.ql @@ -1,3 +1,3 @@ -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery as ServerSideUrlRedirect diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.expected b/javascript/ql/test/library-tests/frameworks/Next/tests.expected index ced2e1f3fe1..9e9f6878b53 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.expected 
+++ b/javascript/ql/test/library-tests/frameworks/Next/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference remoteFlow | pages/[my-fallback-id].jsx:9:40:9:45 | params | | pages/secondpage.jsx:5:17:5:27 | ctx.req.url | diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.ql b/javascript/ql/test/library-tests/frameworks/Next/tests.ql index 134efa0faf1..2b18cd1722a 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Next/tests.ql @@ -2,18 +2,26 @@ import javascript query RemoteFlowSource remoteFlow() { any() } -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +deprecated class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataFlow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected index 9244a0a9491..f7bcb9f8abc 100644 --- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected 
+++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:25:10:25:15 | source | | tst.js:32:10:32:27 | _.pick(tainted, s) | | tst.js:33:10:33:26 | _.get(tainted, s) | diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql index d303fba17c9..ba69ac34ce5 100644 --- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql +++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink 
diff --git a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected index 491c7527598..4804e30b6f7 100644 --- a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected @@ -100,6 +100,7 @@ test_ReactComponent_ref | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:19:11:19:10 | this | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:20:24:20:27 | this | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | implicit 'this' | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:2:9:2:8 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:3:24:3:27 | this | 
@@ -110,24 +111,31 @@ test_ReactComponent_ref | es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:9:18:12 | this | | exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | exportedComponent.jsx:1:8:1:7 | this | | importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | importedComponent.jsx:3:8:3:7 | this | +| namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | implicit 'this' | | namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | this | +| namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | implicit 'this' | | namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | this | | plainfn.js:1:1:3:1 | functio ... div>;\\n} | plainfn.js:1:1:1:0 | this | | plainfn.js:5:1:7:1 | functio ... iv");\\n} | plainfn.js:5:1:5:0 | this | | plainfn.js:9:1:12:1 | functio ... rn x;\\n} | plainfn.js:9:1:9:0 | this | | plainfn.js:20:1:24:1 | functio ... n 42;\\n} | plainfn.js:20:1:20:0 | this | +| preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | implicit 'this' | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | this | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:2:11:2:10 | this | +| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | implicit 'this' | | preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | this | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | implicit 'this' | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:2:11:2:10 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:3:9:3:12 | this | +| props.js:2:5:3:5 | class C ... {\\n } | props.js:2:37:2:36 | implicit 'this' | | props.js:2:5:3:5 | class C ... {\\n } | props.js:2:37:2:36 | this | | props.js:2:5:3:5 | class C ... 
{\\n } | props.js:9:5:9:55 | new C({ ... ctor"}) | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:13:31:17:5 | {\\n ... }\\n } | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:14:24:14:23 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:26:5:26:4 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:34:5:34:55 | new C({ ... ctor"}) | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | implicit 'this' | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:2:36:2:35 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:5:26:5:25 | this | @@ -147,6 +155,7 @@ test_ReactComponent_ref | statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:18:9:18:11 | cmp | | statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:22:9:22:11 | cmp | | statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:25:20:25:19 | this | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:31:5:33:6 | implicit 'this' | | statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | | statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | statePropertyWrites.js:37:11:37:10 | this | | statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | statePropertyWrites.js:38:24:38:27 | this | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.expected b/javascript/ql/test/library-tests/frameworks/Redux/test.expected index 6a3675fea00..62997826b36 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.expected 
@@ -1,3 +1,5 @@ +legacyDataFlowDifference +| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | only flow with OLD data flow library | reducerArg | exportedReducer.js:12:12:12:35 | (state, ... > state | | react-redux.jsx:12:33:17:9 | (state, ... } | @@ -111,7 +113,6 @@ taintFlow | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:74:10:74:35 | props.p ... lAction | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:75:10:75:36 | props.p ... Action2 | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:76:10:76:36 | props.p ... Action3 | -| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | reactComponentRef | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.ql b/javascript/ql/test/library-tests/frameworks/Redux/test.ql index 882aaeb616c..71608c915af 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.ql 
@@ -44,20 +44,28 @@ query predicate reducerToStateStep = Redux::reducerToStateStep/2; query Redux::StoreCreation storeCreation() { any() } -class BasicTaint extends TaintTracking::Configuration { - BasicTaint() { this = "BasicTaint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSource(DataFlow::Node node) { - node.(DataFlow::CallNode).getCalleeName() = "source" - } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(BasicTaint cfg).hasFlow(source, sink) + TestFlow::flow(source, sink) } query DataFlow::SourceNode reactComponentRef(ReactComponent component) { diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql index e385b558458..720f35ba21d 100644 --- a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql 
@@ -57,9 +57,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) @@ -107,9 +105,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -157,9 +153,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -207,9 +201,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) 
diff --git a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql index ef785a2860b..2ea6fc4bd4c 100644 --- a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql @@ -63,9 +63,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) @@ -119,9 +117,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -175,9 +171,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) 
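Review bot: The `xss` expectation in these predicates switches from `cfg.hasFlow(_, sink)` to `XssConfig::ReflectedXssFlow::flowTo(sink)` with nothing that compares the two results, unlike the tests in this patch that keep a `deprecated class LegacyConfig` and import `utils.test.LegacyDataFlowDiff::DataFlowDiff`. Because the check is restricted by `t.inNode(sink)`, a difference between the old and new reflected XSS configuration only shows up here if it lands on an annotated node. Either add the same legacy-difference check to this test, or say in the commit message which test covers parity for that configuration.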
@@ -231,9 +225,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) diff --git a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected index 48b2111a4a2..c84c79bbc83 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected 
@@ -1,140 +1,83 @@ -nodes -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | -| app.js:65:22:65:42 | req.que ... 
pedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... 
rString | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | edges -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:36:25:36:48 | req.que ... 
shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| app.js:65:22:65:42 | req.que ... 
pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... 
rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... 
\| safe | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | +| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | provenance | | +| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | provenance | | +| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | provenance | | +| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | provenance | | +| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | provenance | | +| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | provenance | | +| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | provenance | | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | provenance | | +| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | provenance | | +| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | provenance | | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | provenance | | +| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | provenance | | +| app.js:65:22:65:42 | req.que ... 
pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | provenance | | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | provenance | | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | provenance | | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | provenance | | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | provenance | | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | provenance | | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | provenance | | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | provenance | | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | provenance | | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | provenance | | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | provenance | | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | provenance | | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... 
\| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | provenance | | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | provenance | | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | provenance | | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | provenance | | +nodes +| app.js:15:30:15:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:17:25:17:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:19:35:19:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:34:30:34:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:36:25:36:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:38:35:38:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:53:30:53:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:54:33:54:64 | req.que ... CodeRaw | semmle.label | req.que ... CodeRaw | +| app.js:56:25:56:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:58:35:58:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:59:38:59:74 | req.que ... ringRaw | semmle.label | req.que ... ringRaw | +| app.js:65:22:65:42 | req.que ... pedHtml | semmle.label | req.que ... 
pedHtml | +| app.js:66:18:66:34 | req.query.rawHtml | semmle.label | req.query.rawHtml | +| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | semmle.label | rawHtml | +| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | semmle.label | rawHtml | +| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | semmle.label | <%= dataInGeneratedCode %> | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | semmle.label | <%= backslashSink1 %> | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | semmle.label | backslashSink1 | +| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | semmle.label | <%= dataInEventHandlerString %> | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | semmle.label | dataInE ... 
rString | +| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | semmle.label | {{ dataInGeneratedCodeRaw \| safe }} | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | semmle.label | dataInG ... CodeRaw | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | semmle.label | dataInG ... \| safe | +| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | semmle.label | {{ dataInEventHandlerStringRaw \| safe }} | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | semmle.label | dataInE ... ringRaw | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | semmle.label | dataInE ... \| safe | +subpaths #select | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:65:22:65:42 | req.que ... pedHtml | user-provided value | | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value | 
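Review bot: This hunk rewrites the whole `nodes`/`edges` part of the expected output (140 lines down to 83), which makes it hard to confirm from the diff that no path was lost. From the visible rows the change is format only: the duplicated rows are gone, `edges` now comes first and carries an empty `provenance` column, `nodes` gains a `semmle.label` column, an empty `subpaths` section is added, and the `#select` rows are untouched context. Please state that in the commit message so the regenerated file is not read as a change in results.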
diff --git a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref b/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref deleted file mode 100644 index 353427de471..00000000000 --- a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref +++ /dev/null @@ -1 +0,0 @@ -Security/CWE-079/Xss.ql diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected new file mode 100644 index 00000000000..1bed23967d2 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected 
@@ -0,0 +1,41 @@ +legacyDataFlowDifference +flow +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | +| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | +| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | +| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | +| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | +| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | +| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | +| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | +| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | +| app.js:49:26:49:46 | req.que ... 
tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | +| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | +| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:73:18:73:30 | req.query.foo | views/dot_sinks.html.dot:3:9:3:22 | {{! tainted }} | +| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | +| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:23:16:23:30 | req.query.sinkB | 
projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql new file mode 100644 index 00000000000..66f34f2e422 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql @@ -0,0 +1,8 @@ +import javascript +import semmle.javascript.security.dataflow.DomBasedXssQuery +deprecated import utils.test.LegacyDataFlowDiff + +deprecated query predicate legacyDataFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +query predicate flow = DomBasedXssFlow::flow/2; diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected index e69de29bb2d..d65d51bc417 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql index 2a3b4d4270b..a508004caa8 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql 
@@ -1,14 +1,28 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking -class BasicTaint extends TaintTracking::Configuration { - BasicTaint() { this = "BasicTaint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSource(DataFlow::Node node) { - node.(DataFlow::CallNode).getCalleeName() = "source" - } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = TaintTracking::Global; + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected index 39630269a33..70fc4b00eab 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.expected +++ b/javascript/ql/test/library-tests/frameworks/data/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference consistencyIssue taintFlow | paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x | diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ql b/javascript/ql/test/library-tests/frameworks/data/test.ql index c26e59cd5fe..6a1d571351b 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.ql +++ b/javascript/ql/test/library-tests/frameworks/data/test.ql 
@@ -1,5 +1,5 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels class TypeModelFromCodeQL extends ModelInput::TypeModel { @@ -11,24 +11,40 @@ class TypeModelFromCodeQL extends ModelInput::TypeModel { } } -class BasicTaintTracking extends TaintTracking::Configuration { - BasicTaintTracking() { this = "BasicTaintTracking" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" or source = ModelOutput::getASourceNode("test-source").asSource() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() or sink = ModelOutput::getASinkNode("test-sink").asSink() } } +module TestFlow = TaintTracking::Global; + +deprecated class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(BasicTaintTracking tr).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate isSink(DataFlow::Node node, string kind) { diff --git a/javascript/ql/test/library-tests/threat-models/sources/TestSources.expected b/javascript/ql/test/library-tests/threat-models/sources/TestSources.expected index e69de29bb2d..f907a831d3e 100644 
--- a/javascript/ql/test/library-tests/threat-models/sources/TestSources.expected +++ b/javascript/ql/test/library-tests/threat-models/sources/TestSources.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +testFailures diff --git a/javascript/ql/test/library-tests/threat-models/sources/TestSources.ql b/javascript/ql/test/library-tests/threat-models/sources/TestSources.ql index 38a2d20696f..06c53aded63 100644 --- a/javascript/ql/test/library-tests/threat-models/sources/TestSources.ql +++ b/javascript/ql/test/library-tests/threat-models/sources/TestSources.ql @@ -1,12 +1,10 @@ import javascript import utils.test.InlineExpectationsTest -class TestSourcesConfiguration extends TaintTracking::Configuration { - TestSourcesConfiguration() { this = "TestSources" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource } - override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr call | call.getAnArgument() = sink.asExpr() and call.getCalleeName() = "SINK" 
@@ -14,12 +12,22 @@ class TestSourcesConfiguration extends TaintTracking::Configuration { } } +module TestFlow = TaintTracking::Global; + +deprecated class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "TestSources" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + private module InlineTestSources implements TestSig { string getARelevantTag() { result in ["hasFlow", "threat-source"] } predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node sink | - any(TestSourcesConfiguration c).hasFlow(_, sink) and + TestFlow::flowTo(sink) and value = "" and location = sink.getLocation() and tag = "hasFlow" and @@ -36,3 +44,4 @@ private module InlineTestSources implements TestSig { } import MakeTest +deprecated import utils.test.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected index 9d4a6fc4a9a..60423f3d667 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected 
@@ -1,98 +1,55 @@ -nodes -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... 
rusted) | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | edges -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | 
tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| 
tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... 
usted)] | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... 
usted\\n} | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | 
['x', u ... d, 'y'] | provenance | | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... 
usted\\n} [z] | provenance | | +nodes +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name | +| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | semmle.label | ['x', u ... d, 'y'] | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | semmle.label | {\\n ... }\\n } | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | semmle.label | {\\n ... } [z] | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [x] | semmle.label | {\\n x ... usted\\n} [x] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [y] | semmle.label | {\\n x ... usted\\n} [y] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} [z] | semmle.label | {\\n x ... 
usted\\n} [z] | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted | +subpaths #select | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | 
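Review bot: the rewritten edges and nodes sections of UntrustedDataToExternalAPI.expected drop every entry for lines 21 to 30 of tst-UntrustedDataToExternalAPI.js, and that is a lost result rather than a format change. The removed lines carry the chain from 24:32:24:40 untrusted through JSON.parse(...), the array literal at 24:20:24:42 and the nested object literals at 23:16, 22:12 and 21:12 to 30:13:30:30 getDeepUntrusted(); none of these nodes has a counterpart among the added lines. The next hunk also deletes the matching #select row (Call to external-lib() [param 0] with untrusted data). The added provenance and semmle.label columns, the subpaths section and the [x]/[y]/[z] suffixes only change how paths are printed, but this change means the CWE-020 query stops reporting a flow it used to find. Please confirm that this is an accepted difference of the new data flow library and record it, for example as a comment at line 30 of the test source and in the change note. Otherwise add a flow step that restores the alert, so the regression is not hidden inside a bulk .expected update.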
@@ -102,7 +59,6 @@ edges | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. 
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql index e73494a1cd2..0183ac6ade6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql @@ -1,3 +1,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking + +deprecated class TaintedPathConsistency extends ConsistencyConfiguration { + TaintedPathConsistency() { this = "TaintedPathConsistency" } + + override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 6a45147a4e2..c1985970e3b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected 
@@ -1,10917 +1,956 @@ nodes -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| 
TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| 
TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| 
TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... 
e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... 
e(path) | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... 
ath, x) | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... 
ath, z) | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... 
h(path) | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... 
).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:63:65:69 | req.url | -| TaintedPath.js:65:63:65:69 | req.url | -| TaintedPath.js:65:63:65:69 | req.url | -| TaintedPath.js:65:63:65:69 | req.url | -| TaintedPath.js:65:63:65:69 | req.url | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... 
).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:61:66:67 | req.url | -| TaintedPath.js:66:61:66:67 | req.url | -| TaintedPath.js:66:61:66:67 | req.url | -| TaintedPath.js:66:61:66:67 | req.url | -| TaintedPath.js:66:61:66:67 | req.url | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... 
).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:60:67:66 | req.url | -| TaintedPath.js:67:60:67:66 | req.url | -| TaintedPath.js:67:60:67:66 | req.url | -| TaintedPath.js:67:60:67:66 | req.url | -| TaintedPath.js:67:60:67:66 | req.url | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... 
, true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... 
ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:23:84:29 | req.url | -| TaintedPath.js:84:23:84:29 | req.url | -| TaintedPath.js:84:23:84:29 | req.url | -| TaintedPath.js:84:23:84:29 | req.url | -| TaintedPath.js:84:23:84:29 | req.url | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | -| 
TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... 
).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... 
ry.path | -| TaintedPath.js:120:23:120:29 | req.url | -| TaintedPath.js:120:23:120:29 | req.url | -| TaintedPath.js:120:23:120:29 | req.url | -| TaintedPath.js:120:23:120:29 | req.url | -| TaintedPath.js:120:23:120:29 | req.url | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... 
, true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... 
ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:24:126:30 | req.url | -| TaintedPath.js:126:24:126:30 | req.url | -| TaintedPath.js:126:24:126:30 | req.url | -| TaintedPath.js:126:24:126:30 | req.url | -| TaintedPath.js:126:24:126:30 | req.url | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:130:15:130:29 | path.split("/") | -| 
TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:19:137:35 | 
prefix + split[x] | -| TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| 
TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| 
TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:37 | url.par ... 
, true) | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... 
ry.path | -| TaintedPath.js:150:24:150:30 | req.url | -| TaintedPath.js:150:24:150:30 | req.url | -| TaintedPath.js:150:24:150:30 | req.url | -| TaintedPath.js:150:24:150:30 | req.url | -| TaintedPath.js:150:24:150:30 | req.url | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:55 | path.re ... 
/g, '') | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:51 | path.re ... 
/g, '') | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:29:179:54 | pathMod ... 
e(path) | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:38:187:44 | req.url | -| TaintedPath.js:187:38:187:44 | req.url | -| TaintedPath.js:187:38:187:44 | req.url | -| TaintedPath.js:187:38:187:44 | req.url | -| TaintedPath.js:187:38:187:44 | req.url | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... 
l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | -| TaintedPath.js:188:51:188:57 | req.url | -| TaintedPath.js:188:51:188:57 | req.url | -| TaintedPath.js:188:51:188:57 | req.url | -| TaintedPath.js:188:51:188:57 | req.url | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... 
eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:55 | parseqs ... 
rl).foo | -| TaintedPath.js:190:44:190:50 | req.url | -| TaintedPath.js:190:44:190:50 | req.url | -| TaintedPath.js:190:44:190:50 | req.url | -| TaintedPath.js:190:44:190:50 | req.url | -| TaintedPath.js:190:44:190:50 | req.url | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... 
).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... 
ry.path | -| TaintedPath.js:195:24:195:30 | req.url | -| TaintedPath.js:195:24:195:30 | req.url | -| TaintedPath.js:195:24:195:30 | req.url | -| TaintedPath.js:195:24:195:30 | req.url | -| TaintedPath.js:195:24:195:30 | req.url | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| 
TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... 
).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... 
ry.path | -| TaintedPath.js:202:24:202:30 | req.url | -| TaintedPath.js:202:24:202:30 | req.url | -| TaintedPath.js:202:24:202:30 | req.url | -| TaintedPath.js:202:24:202:30 | req.url | -| TaintedPath.js:202:24:202:30 | req.url | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:85 | path.re ... 
'), '') | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... 
).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:213:29:213:68 | path.re ... 
'), '') | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| 
handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | 
path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... 
y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... 
, path) | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... 
ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... 
y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... 
y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| 
normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... 
y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... 
e(path) | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... 
, path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... 
, path) | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:14:385:46 | pathMod ... 
uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:412:7:412:46 | path | -| normalizedPaths.js:412:7:412:46 | path | -| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | -| normalizedPaths.js:412:14:412:46 | pathMod ... 
uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | -| normalizedPaths.js:412:35:412:45 | req.query.x | -| normalizedPaths.js:412:35:412:45 | req.query.x | -| normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:426:21:426:24 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... 
ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| 
other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| 
other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| 
other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| 
other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| 
other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| 
other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| 
other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:71:10:71:13 | path | 
-| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| 
other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... 
).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... 
t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| 
tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| 
tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| 
tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| 
tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| 
tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... 
).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| 
tainted-access-paths.js:49:10:49:13 | path | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | 
path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| 
tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | 
path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | -| 
tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| 
tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | 
path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| 
tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| 
tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| 
tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] 
| -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| 
tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... 
t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... 
ry.path | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| 
typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:24:39:24:43 | path4 | -| 
typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| 
typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | +| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | +| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | +| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) | +| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path | +| TaintedPath.js:9:7:9:48 | path | semmle.label | path | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | +| TaintedPath.js:12:29:12:32 | path | semmle.label | path | +| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | +| TaintedPath.js:15:45:15:48 | path | semmle.label | path | +| TaintedPath.js:18:33:18:36 | path | semmle.label | path | +| TaintedPath.js:21:33:21:36 | path | semmle.label | path | +| TaintedPath.js:24:33:24:36 | path | semmle.label | path | +| TaintedPath.js:33:31:33:34 | path | semmle.label | path | +| TaintedPath.js:38:3:38:44 | path | semmle.label | path | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url | +| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:42:48:42:51 | path | semmle.label | path | +| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | +| TaintedPath.js:46:45:46:48 | path | semmle.label | path | +| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:48:51:48:54 | path | semmle.label | path | +| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:50:50:50:53 | path | semmle.label | path | +| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| TaintedPath.js:52:52:52:55 | path | semmle.label | path | +| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | +| TaintedPath.js:54:49:54:52 | path | semmle.label | path | +| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| TaintedPath.js:56:48:56:51 | path | semmle.label | path | +| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:58:54:58:57 | path | semmle.label | path | +| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | +| TaintedPath.js:60:57:60:60 | path | semmle.label | path | +| TaintedPath.js:65:31:65:70 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:65:31:65:76 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:65:63:65:69 | req.url | semmle.label | req.url | +| TaintedPath.js:66:31:66:68 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:66:31:66:74 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:66:61:66:67 | req.url | semmle.label | req.url | +| TaintedPath.js:67:31:67:67 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:67:31:67:73 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:67:60:67:66 | req.url | semmle.label | req.url | +| TaintedPath.js:75:48:75:60 | req.params[0] | semmle.label | req.params[0] | +| TaintedPath.js:84:6:84:47 | path | semmle.label | path | +| TaintedPath.js:84:13:84:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:84:13:84:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:84:13:84:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:84:23:84:29 | req.url | semmle.label | req.url | +| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | semmle.label | fs.real ... 
c(path) | +| TaintedPath.js:86:44:86:47 | path | semmle.label | path | +| TaintedPath.js:87:14:87:17 | path | semmle.label | path | +| TaintedPath.js:88:32:88:39 | realpath | semmle.label | realpath | +| TaintedPath.js:89:45:89:52 | realpath | semmle.label | realpath | +| TaintedPath.js:120:6:120:47 | path | semmle.label | path | +| TaintedPath.js:120:13:120:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:120:13:120:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:120:13:120:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:120:23:120:29 | req.url | semmle.label | req.url | +| TaintedPath.js:122:23:122:26 | path | semmle.label | path | +| TaintedPath.js:126:7:126:48 | path | semmle.label | path | +| TaintedPath.js:126:14:126:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:126:14:126:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:126:14:126:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:126:24:126:30 | req.url | semmle.label | req.url | +| TaintedPath.js:128:19:128:22 | path | semmle.label | path | +| TaintedPath.js:130:7:130:29 | split | semmle.label | split | +| TaintedPath.js:130:15:130:18 | path | semmle.label | path | +| TaintedPath.js:130:15:130:29 | path.split("/") | semmle.label | path.split("/") | +| TaintedPath.js:132:19:132:23 | split | semmle.label | split | +| TaintedPath.js:132:19:132:33 | split.join("/") | semmle.label | split.join("/") | +| TaintedPath.js:136:19:136:23 | split | semmle.label | split | +| TaintedPath.js:136:19:136:26 | split[x] | semmle.label | split[x] | +| TaintedPath.js:137:19:137:35 | prefix + split[x] | semmle.label | prefix + split[x] | +| TaintedPath.js:137:28:137:32 | split | semmle.label | split | +| TaintedPath.js:137:28:137:35 | split[x] | semmle.label | split[x] | +| TaintedPath.js:139:7:139:38 | concatted | semmle.label | concatted | +| TaintedPath.js:139:19:139:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | +| TaintedPath.js:139:33:139:37 | split | semmle.label | split | +| TaintedPath.js:140:19:140:27 | concatted | semmle.label | concatted | +| TaintedPath.js:140:19:140:37 | concatted.join("/") | semmle.label | concatted.join("/") | +| TaintedPath.js:142:7:142:39 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:142:20:142:24 | split | semmle.label | split | +| TaintedPath.js:142:20:142:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | +| TaintedPath.js:143:19:143:28 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:143:19:143:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | +| TaintedPath.js:145:19:145:23 | split | semmle.label | split | +| TaintedPath.js:145:19:145:29 | split.pop() | semmle.label | split.pop() | +| TaintedPath.js:150:7:150:48 | path | semmle.label | path | +| TaintedPath.js:150:14:150:37 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| TaintedPath.js:150:14:150:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:150:14:150:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:150:24:150:30 | req.url | semmle.label | req.url | +| TaintedPath.js:154:29:154:32 | path | semmle.label | path | +| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:160:29:160:32 | path | semmle.label | path | +| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:161:29:161:32 | path | semmle.label | path | +| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:162:29:162:32 | path | semmle.label | path | +| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:163:29:163:32 | path | semmle.label | path | +| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | +| TaintedPath.js:178:40:178:43 | path | semmle.label | path | +| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | +| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | +| TaintedPath.js:179:50:179:53 | path | semmle.label | path | +| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | +| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | +| TaintedPath.js:187:38:187:44 | req.url | semmle.label | req.url | +| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | +| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... 
l)).foo | +| TaintedPath.js:188:38:188:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | +| TaintedPath.js:188:51:188:57 | req.url | semmle.label | req.url | +| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | +| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | +| TaintedPath.js:190:44:190:50 | req.url | semmle.label | req.url | +| TaintedPath.js:195:7:195:48 | path | semmle.label | path | +| TaintedPath.js:195:14:195:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:195:14:195:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:195:14:195:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:195:24:195:30 | req.url | semmle.label | req.url | +| TaintedPath.js:196:31:196:34 | path | semmle.label | path | +| TaintedPath.js:197:45:197:48 | path | semmle.label | path | +| TaintedPath.js:198:35:198:38 | path | semmle.label | path | +| TaintedPath.js:202:7:202:48 | path | semmle.label | path | +| TaintedPath.js:202:14:202:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:202:14:202:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:202:14:202:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:202:24:202:30 | req.url | semmle.label | req.url | +| TaintedPath.js:206:29:206:32 | path | semmle.label | path | +| TaintedPath.js:206:29:206:85 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:211:7:211:48 | path | semmle.label | path | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url | +| TaintedPath.js:213:29:213:32 | path | semmle.label | path | +| TaintedPath.js:213:29:213:68 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:216:31:216:34 | path | semmle.label | path | +| TaintedPath.js:216:31:216:69 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath | +| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | +| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | +| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | +| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | +| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | +| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | +| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | +| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | +| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | +| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | 
semmle.label | path + '/index.html' | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | +| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | +| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | +| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | +| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | +| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | +| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | +| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | +| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | +| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | +| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | +| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | +| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | +| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | +| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | +| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | +| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | +| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | +| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | +| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | +| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | +| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | +| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | +| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | +| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | +| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | +| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | +| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | +| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | +| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | +| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | +| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | +| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | +| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | +| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | +| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | +| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | +| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | +| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | +| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | +| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | +| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | +| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | +| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | +| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | +| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | +| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | +| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | +| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | +| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | +| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | +| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | +| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | +| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | +| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | +| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | +| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | +| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | +| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | +| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | +| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... 
t('/')) | +| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:412:7:412:46 | path | semmle.label | path | +| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:415:19:415:22 | path | semmle.label | path | +| normalizedPaths.js:426:21:426:24 | path | semmle.label | path | +| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | +| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | +| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | +| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | +| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | +| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | +| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | +| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | +| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | +| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | +| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | +| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | +| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | +| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | +| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | +| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | +| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | +| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | +| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | +| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | +| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | +| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | +| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | +| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | +| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | +| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | +| prettier.js:6:11:6:28 | p | semmle.label | p | +| prettier.js:6:13:6:13 | p | semmle.label | p | +| prettier.js:7:28:7:28 | p | semmle.label | p | +| prettier.js:11:44:11:44 | p | semmle.label | p | +| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | +| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | +| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | +| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | +| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:6:14:6:43 | url.par ... 
).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | +| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | +| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | +| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | +| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | +| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | +| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | +| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | +| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | +| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | +| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") | +| 
tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | +| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x | +| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | +| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | +| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | +| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | +| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | +| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... 
, path) | +| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | +| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | +| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | +| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | +| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| torrents.js:5:6:5:38 | name | semmle.label | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| torrents.js:6:6:6:45 | loc | semmle.label | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... 
t.data" | +| torrents.js:6:24:6:27 | name | semmle.label | name | +| torrents.js:7:25:7:27 | loc | semmle.label | loc | +| typescript.ts:9:7:9:48 | path | semmle.label | path | +| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | +| typescript.ts:12:29:12:32 | path | semmle.label | path | +| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 | +| typescript.ts:20:15:20:18 | path | semmle.label | path | +| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 | +| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 | +| typescript.ts:23:15:23:18 | path | semmle.label | path | +| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 | +| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 | +| typescript.ts:30:15:30:18 | path | semmle.label | path | +| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | +| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | edges -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| 
TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... 
).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, 
true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| 
TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| 
TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| 
TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... 
, true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | 
"/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... 
, true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... 
ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... 
e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... 
ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... 
e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... 
ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... 
e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... 
e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... 
ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... 
h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... 
).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... 
).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... 
eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... 
eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... 
).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... 
eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... 
eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... 
).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... 
).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... 
eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... 
eq.url) | -| TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | 
TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... 
, true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... 
ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... 
, true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... 
, true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... 
c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... 
c(path) | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | -| TaintedPath.js:120:6:120:47 | path | 
TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| 
TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... 
).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... 
ry.path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... 
, true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... 
, true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | 
TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| 
TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... 
ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... 
ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... 
, true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... 
, true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... , true) | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | 
-| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | 
TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| 
TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| 
TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | 
concatted | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | 
TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | TaintedPath.js:142:7:142:39 | concatted2 | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| 
TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | 
TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | 
-| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | -| TaintedPath.js:150:7:150:48 | path | 
TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... 
, true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... 
).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... 
ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... 
, true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... 
, true) | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... 
/g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... 
/g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... 
/g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... 
/g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... 
+/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... 
+/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... 
+/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| 
TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... 
q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... 
q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... 
eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... 
eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... 
eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... 
eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... 
eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... 
rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... 
rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... 
eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... 
eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | 
TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| 
TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | 
TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... 
, true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... 
).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... 
ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | TaintedPath.js:195:7:195:48 | path | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... 
, true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... 
, true) | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... 
).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... 
ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... 
ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... 
, true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... 
'), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... 
'), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | -| TaintedPath.js:211:14:211:37 | url.par ... 
, true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... 
).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... 
'), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... 
'), '') | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | 
filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | 
filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| 
normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | 
req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... 
.html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | 
normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... 
y.path) | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... 
.html') | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... 
y.path) | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... 
y.path) | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... 
ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... 
y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... 
y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... 
y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... 
y.path) | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| 
normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | 
req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| 
normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... 
y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... 
t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... 
y.path) | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| 
normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| 
normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... 
e(path) | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... 
e(path) | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... 
e(path) | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| 
normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | 
normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... 
, path) | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | 
normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... 
, path) | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | 
-| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... 
it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:415:19:415:22 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | -| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | normalizedPaths.js:412:7:412:46 | path | -| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | normalizedPaths.js:412:7:412:46 | path | -| normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... 
uery.x) | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| 
other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... 
).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... 
ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| 
other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | 
other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| 
other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | 
other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... 
).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... 
).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | 
other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| 
other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | 
other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| 
other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| 
other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | 
tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... 
t.data" | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | 
tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | 
path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| 
tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| 
tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 
| obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | 
tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| 
tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 
| obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | 
tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| 
tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | 
tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... 
).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | 
tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... 
).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... 
rams.x) | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | 
tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | 
path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... 
).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... 
).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... 
ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | 
tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | 
path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | 
path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| 
tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path 
| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| 
tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| 
tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | 
path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | 
tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | 
tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| 
tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | 
tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | 
tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | 
tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | 
path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | 
path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | 
tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | 
path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| 
tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | 
path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | 
torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... 
t.data" | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | 
path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path 
| -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... 
).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... 
ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... 
ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | 
path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| 
typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| 
typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| 
typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| 
typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | +| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | | +| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config | +| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | | +| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | | +| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config | +| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config | +| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | provenance | Config | +| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config | +| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config | +| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | provenance | Config | +| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | provenance | Config | +| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | provenance | Config | +| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | provenance | Config | +| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | provenance | Config | +| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | provenance | Config | +| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | provenance | | +| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | provenance | | +| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | provenance | | +| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... 
c(path) | provenance | Config | +| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | provenance | Config | +| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | provenance | | +| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | provenance | | +| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | provenance | | +| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | provenance | | +| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | provenance | | +| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | provenance | | +| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | provenance | | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | provenance | | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | provenance | | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | provenance | | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | provenance | | +| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | provenance | | +| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | provenance | Config | +| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | provenance | | +| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | provenance | Config | +| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | provenance | Config | +| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | provenance | Config | +| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | provenance | Config | +| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | provenance | | +| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | provenance | | +| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | provenance | Config | +| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | provenance | Config | +| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | provenance | | +| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | provenance | Config | +| TaintedPath.js:142:20:142:39 | split.concat(prefix) | 
TaintedPath.js:142:7:142:39 | concatted2 | provenance | | +| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | provenance | Config | +| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | provenance | Config | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | provenance | | +| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | provenance | | +| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | provenance | | +| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... 
/g, '') | provenance | Config | +| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | provenance | Config | +| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | provenance | Config | +| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | provenance | Config | +| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | provenance | Config | +| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | provenance | Config | +| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | provenance | Config | +| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | provenance | Config | +| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | provenance | Config | +| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | provenance | Config | +| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | provenance | Config | +| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | provenance | | +| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | provenance | | +| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | provenance | | +| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:195:14:195:48 | url.par ... 
ry.path | TaintedPath.js:195:7:195:48 | path | provenance | | +| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | provenance | | +| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | provenance | | +| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | provenance | | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | provenance | | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | | +| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... '), '') | provenance | Config | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | | +| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config | +| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | | +| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | | +| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | | +| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | provenance | | +| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | provenance | | +| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | provenance | Config | +| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... 
.html') | provenance | Config | +| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | provenance | | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | provenance | | +| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | provenance | Config | +| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | provenance | | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | provenance | | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | provenance | | +| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | provenance | | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | provenance | | +| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | provenance | Config | +| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | provenance | | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | provenance | | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | provenance | Config | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | provenance | | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | provenance | | +| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | provenance | | +| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | provenance | | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | provenance | | +| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | provenance | | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | provenance | | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | provenance | | +| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | provenance | Config | +| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | provenance | | +| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | provenance | | +| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | provenance | | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | provenance | | +| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | provenance | | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | provenance | | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | provenance | | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | provenance | Config | +| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | provenance | | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | provenance | | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | provenance | | +| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | provenance | | +| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | provenance | | +| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... 
e(path) | provenance | Config | +| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | provenance | | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | provenance | | +| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | provenance | | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | provenance | | +| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | provenance | Config | +| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | provenance | | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | provenance | Config | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | provenance | | +| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | provenance | | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | provenance | | +| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | provenance | | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | provenance | | +| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | provenance | | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | provenance | | +| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | provenance | | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | provenance | | +| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | provenance | | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | provenance | | +| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... 
e(path) | provenance | Config | +| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | provenance | | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | provenance | | +| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | provenance | | +| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | provenance | | +| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | provenance | | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | provenance | | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | provenance | | +| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | provenance | | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | provenance | | +| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | provenance | | +| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | provenance | | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | provenance | | +| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | provenance | | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | provenance | | +| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | provenance | | +| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | provenance | Config | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | provenance | | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | provenance | | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | provenance | | +| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | provenance | Config | +| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | provenance | Config | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | provenance | Config | +| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | provenance | Config | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | provenance | Config | +| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:415:19:415:22 | path | provenance | | +| normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | provenance | | +| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | normalizedPaths.js:412:7:412:46 | path | provenance | | +| normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | provenance | Config | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | provenance | | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | provenance | | +| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | provenance | Config | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | provenance | | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | provenance | | +| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | provenance | | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | provenance | Config | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | provenance | | +| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:73:8:73:11 | path | provenance | | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | provenance | | +| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:73:8:73:11 | path | other-fs-libraries.js:75:15:75:15 | x | provenance | | +| other-fs-libraries.js:75:15:75:15 | x | other-fs-libraries.js:76:19:76:19 | x | provenance | | +| other-fs-libraries.js:81:7:81:48 | path | other-fs-libraries.js:83:16:83:19 | path | provenance | | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | other-fs-libraries.js:81:14:81:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:81:14:81:48 | url.par ... 
ry.path | other-fs-libraries.js:81:7:81:48 | path | provenance | | +| other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:81:14:81:37 | url.par ... , true) | provenance | Config | +| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | provenance | | +| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | provenance | | +| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | provenance | | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | provenance | | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | provenance | Config | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | provenance | | +| sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | provenance | | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | provenance | | +| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | provenance | Config | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | provenance | | +| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:7:10:36 | obj | provenance | | +| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | provenance | Config | +| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | provenance | Config | +| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | provenance | | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | provenance | | +| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | provenance | Config | +| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | provenance | | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | provenance | | +| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:6:7:6:48 | path | tainted-promise-steps.js:7:26:7:29 | path | provenance | | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | tainted-promise-steps.js:6:7:6:48 | path | provenance | | +| tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:7:26:7:29 | path | tainted-promise-steps.js:7:10:7:30 | Promise ... 
e(path) [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | | +| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | | +| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config | +| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | 
tainted-string-steps.js:22:18:22:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | provenance | | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | provenance | | +| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | provenance | Config | +| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | provenance | Config | +| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | provenance | Config | +| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | provenance | Config | +| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | provenance | Config | +| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | provenance | Config | +| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | provenance | Config | +| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | provenance | Config | +| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | provenance | Config | +| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | provenance | Config | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | provenance | Config | +| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | provenance | Config | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | provenance | Config | +| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | provenance | Config | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | provenance | Config | +| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | provenance | Config | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | provenance | Config | +| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | provenance | Config | +| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | provenance | | +| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | provenance | | +| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | | +| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | | +| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... 
t.data" | provenance | Config | +| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | | +| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config | +| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config | +| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | | +| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | provenance | Config | +| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | | +| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | | +| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | | +| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | | +| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | | +| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | | +subpaths #select | TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | | TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | 
@@ -11050,11 +1089,13 @@ edges | other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:79:16:79:19 | path | other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:79:16:79:19 | path | This path depends on a $@. | other-fs-libraries.js:77:24:77:30 | req.url | user-provided value | +| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... 
t).name | user-provided value | | pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | 
@@ -11063,6 +1104,8 @@ edges | tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | | tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value | | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value | | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. 
| tainted-require.js:14:11:14:29 | req.param("module") | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js index 1a618105226..1dac13246c6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js @@ -70,7 +70,11 @@ http.createServer(function(req, res) { fs.readFileSync(path); // NOT OK mkdirp(path); // NOT OK mkdirp.sync(path); // NOT OK + func(path); }); +function func(x) { + fs.readFileSync(x); // NOT OK +} const fsp = require("fs/promises"); http.createServer(function(req, res) { diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js new file mode 100644 index 00000000000..eebc95348ba --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js 
@@ -0,0 +1,35 @@ +const fs = require('fs'); +const express = require('express'); +const app = express(); + +app.get('/', function (req, res) { + getTree(req, res, { workspaceDir: '/tmp' }); +}); + +function getTree(req, res, options) { + var workspaceId = req.params.workspaceId; + var realfileRootPath = workspaceId; // getfileRoot(workspaceId); + var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]); + withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); +} + +function getfileRoot(workspaceId) { + var userId = decodeUserIdFromWorkspaceId(workspaceId); + return path.join(userId.substring(0,2), userId, decodeWorkspaceNameFromWorkspaceId(workspaceId)); +} + +function withStatsAndETag(filepath, callback) { + fs.readFileSync(filepath); // NOT OK +}; + +function decodeUserIdFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(0, index); +} + +function decodeWorkspaceNameFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(index + 1); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js new file mode 100644 index 00000000000..49c5fa78fe8 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js @@ -0,0 +1,15 @@ +var fs = require('fs'), + http = require('http'), + url = require('url'); + +var server = http.createServer(function(req, res) { + let path = url.parse(req.url, true).query.path; + doRead(Promise.resolve(path)); +}); + +async function doRead(pathPromise) { + fs.readFileSync(await pathPromise); // NOT OK + pathPromise.then(path => fs.readFileSync(path)); // NO TOK +} + +server.listen(); 
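Review bot: In tainted-promise-steps.js, the annotation on the "pathPromise.then(path => fs.readFileSync(path));" line reads "// NO TOK", a typo for "// NOT OK". The expected output does list that sink (tainted-promise-steps.js:12:44:12:47), so the test result is unaffected, but anyone grepping the test sources for the NOT OK marker will miss this line. Please correct the comment so both sinks in doRead carry the same annotation.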
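Review bot: In sharedlib-repro.js, getfileRoot, decodeUserIdFromWorkspaceId and decodeWorkspaceNameFromWorkspaceId are never called (the getfileRoot call in getTree is commented out), and they reference path and SEPARATOR, neither of which is required or defined in the file. The locals realfileRootPath and filePath in getTree are also assigned but never read. The only flow the expected output records is req.params.workspaceId into withStatsAndETag and on to fs.readFileSync(filepath), so either trim the unused helpers or, if they are kept deliberately to preserve the shape of the code that triggered the original problem, add a comment at the top of the file saying so.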
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected index 253bca10b03..67e38f937ba 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected 
@@ -1,130 +1,42 @@ nodes -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:23:28:23:35 | fileName | -| 
ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | +| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | semmle.label | zipEntry.entryName | +| TarSlipBad.js:6:36:6:46 | header.name | semmle.label | header.name | +| TarSlipBad.js:9:17:9:31 | header.linkname | semmle.label | header.linkname | +| ZipSlipBad2.js:5:9:5:46 | fileName | semmle.label | fileName | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | semmle.label | 'output ... 
ry.path | +| ZipSlipBad2.js:5:37:5:46 | entry.path | semmle.label | entry.path | +| ZipSlipBad2.js:6:22:6:29 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:11:7:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:22:7:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:8:37:8:44 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:11:15:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:22:15:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:16:30:16:37 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:11:22:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:22:22:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:23:28:23:35 | fileName | semmle.label | fileName | +| ZipSlipBad.js:30:14:30:17 | name | semmle.label | name | +| ZipSlipBad.js:31:26:31:29 | name | semmle.label | name | +| ZipSlipBad.js:34:16:34:19 | name | semmle.label | name | +| ZipSlipBad.js:35:26:35:29 | name | semmle.label | name | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | semmle.label | fileName | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path | +| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName | edges -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... 
ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | 
ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | 
ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | +| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | | +| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | provenance | Config | +| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | | +| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | | +| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | | +| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | | +| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | | +| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | | +| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | | +subpaths #select | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation | 
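Review bot: the regenerated edges section of ZipSlip.expected no longer has any row for the results whose source and sink are the same node (the removed self-edges for AdmZipBad.js:6:24:6:41, TarSlipBad.js:6:36:6:46 and TarSlipBad.js:9:17:9:31), yet the unchanged #select context still reports AdmZipBad.js:6:24 and TarSlipBad.js:6:36 with identical source and sink columns. Those alerts now rely on the nodes rows alone. Please confirm that zero-length paths still render for them, and say in the commit message that dropping the self-edges is expected, because in a diff this size it is easy to read as lost flow. The same applies to the new, empty subpaths section: a one-line mention that it is new output and empty by design would help whoever next regenerates this file.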
diff --git a/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql index b873bdf9d3e..eae82dc052f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-073/Consistency.ql @@ -1,3 +1,3 @@ import javascript import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected index eee80b29592..8be388d5ad9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected 
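Review bot: in Consistency.ql (the three-line hunk just above), prefixing the import of utils.test.ConsistencyChecking with `deprecated` keeps the test compiling but leaves no record of why the import is now deprecated or what is meant to replace it. Add a comment on that line naming the replacement, or a follow-up item to move this CWE-073 test off the module, so that the consistency check is not dropped silently when the module is eventually removed.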
@@ -1,112 +1,70 @@ nodes -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... 
rameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:26:11:26:24 | str | -| tst.js:26:17:26:19 | obj | -| tst.js:26:17:26:24 | obj + "" | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | +| routes.js:2:23:2:30 | req.body | semmle.label | req.body | +| tst2.js:6:9:6:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:6:25:6:32 | req.body | semmle.label | req.body | +| tst2.js:6:25:6:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:7:28:7:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:9:26:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:25:26:32 | req.body | semmle.label | req.body | +| tst2.js:26:25:26:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:27:28:27:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:9:34:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:25:34:32 | req.body | semmle.label | req.body | +| tst2.js:34:25:34:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:35:28:35:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:9:42:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:25:42:32 | req.body | semmle.label | req.body | +| tst2.js:42:25:42:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:43:28:43:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:9:51:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:25:51:32 | req.body | semmle.label | req.body | +| tst2.js:51:25:51:46 | req.bod ... rameter | semmle.label | req.bod ... 
rameter | +| tst2.js:52:28:52:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:9:7:46 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:25:7:32 | req.body | semmle.label | req.body | +| tst.js:7:25:7:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst.js:8:9:8:49 | queryParameter | semmle.label | queryParameter | +| tst.js:8:26:8:49 | req.que ... rameter | semmle.label | req.que ... rameter | +| tst.js:10:28:10:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:11:28:11:41 | queryParameter | semmle.label | queryParameter | +| tst.js:20:19:20:32 | queryParameter | semmle.label | queryParameter | +| tst.js:23:24:23:26 | obj | semmle.label | obj | +| tst.js:24:28:24:30 | obj | semmle.label | obj | +| tst.js:26:11:26:24 | str | semmle.label | str | +| tst.js:26:17:26:19 | obj | semmle.label | obj | +| tst.js:26:17:26:24 | obj + "" | semmle.label | obj + "" | +| tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) | +| tst.js:29:39:29:41 | str | semmle.label | str | edges -| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:26:25:26:46 | req.bod ... 
rameter | tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:26:8:49 | req.que ... 
rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | -| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | -| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | -| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | +| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | | +| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config | +| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | | +| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | | +| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config | +| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | | +| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | | +| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config | +| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | | +| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | | +| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... 
rameter | provenance | Config | +| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | | +| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | | +| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config | +| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | | +| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | | +| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config | +| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | | +| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | | +| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | | +| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | | +| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config | +| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | | +| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config | +subpaths #select | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | | tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value | 
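Review bot: the `Config` tags in the new edges rows of TemplateObjectInjection.expected need confirming. They appear on the `req.body` to `req.bod ... rameter` property reads (tst2.js:6, 26, 34, 42, 51 and tst.js:7), on `obj` to `obj + ""` (tst.js:26) and on `str` to `JSON.parse(str)` (tst.js:29), so the expected output now pins which steps the query's own configuration contributes rather than only which nodes are connected. Please check that these three kinds of step are intended to be configuration-specific, and mention the new provenance column in the commit message so that later changes in it are reviewed as modelling changes and not dismissed as regeneration noise. As a smaller point, the routes.js:2:23:2:30 self-edge is removed while #select still lists that result with source equal to sink; worth stating that this is expected.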
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index fb8bc60e673..e8d95064b8e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected 
@@ -1,370 +1,214 @@ -nodes -| actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:16:9:20 | title | -| actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | -| child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| 
child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:35 | ctx.params.host | -| exec-sh2.js:9:17:9:23 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:15:12:15:14 | cmd | -| exec-sh.js:13:17:13:23 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... 
, true) | -| exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:20:12:20:14 | cmd | -| execSeries.js:3:20:3:22 | arr | -| execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:13:19:13:26 | commands | -| execSeries.js:14:13:14:20 | commands | -| execSeries.js:14:24:14:30 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:19:12:19:16 | [cmd] | -| execSeries.js:19:13:19:15 | cmd | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:21:13:24 | file | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:10:36:31 | "touch ... 
ds.name | -| form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:33 | part.filename | -| other.js:5:9:5:49 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:49 | url.par ... 
ry.path | -| other.js:5:25:5:31 | req.url | -| other.js:5:25:5:31 | req.url | -| other.js:7:33:7:35 | cmd | -| other.js:7:33:7:35 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:34:44:34:46 | cmd | -| other.js:34:44:34:46 | cmd | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:6:21:6:27 | command | edges -| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | -| actions.js:18:20:18:63 | github. ... 
ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| 
child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... 
at(cmd) | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:44 | url.par ... ).query | child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... 
, true) | -| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:44 | url.par ... ).query | exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | -| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | -| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | -| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | -| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... 
, true) | -| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | -| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | -| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... 
ds.name | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:21:59:33 | part.filename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... 
ilename | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | 
other.js:34:44:34:46 | cmd | -| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path | -| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | +| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | provenance | | +| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | provenance | | +| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | provenance | | +| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | provenance | | +| actions.js:18:20:18:63 | github. ... 
ead.ref | actions.js:18:9:18:63 | head_ref | provenance | | +| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... 
ry.path | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | | +| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | | +| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | | +| child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance | | +| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args | provenance | | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | | +| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | | +| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | | +| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | | +| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | | +| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | provenance | | +| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | provenance | | +| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | provenance | | +| exec-sh2.js:14:15:14:38 | url.par ... 
, true) | exec-sh2.js:14:9:14:49 | cmd | provenance | | +| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | provenance | | +| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | provenance | | +| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | provenance | | +| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | provenance | | +| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | | +| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | | +| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | | +| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | | +| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | | +| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | | +| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | | +| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | | +| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | | +| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... 
, true) | provenance | | +| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | | +| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | | +| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | | +| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | provenance | | +| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... nalname | provenance | | +| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | provenance | | +| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | provenance | | +| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | provenance | | +| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | provenance | | +| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | provenance | | +| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | provenance | | +| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | provenance | | +| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | provenance | | +| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | provenance | | +| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... 
ilename | provenance | | +| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | provenance | | +| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | provenance | | +| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | | +| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | provenance | | +nodes +| actions.js:8:9:8:57 | title | semmle.label | title | +| actions.js:8:17:8:57 | github. ... t.title | semmle.label | github. ... 
t.title | +| actions.js:9:8:9:22 | `echo ${title}` | semmle.label | `echo ${title}` | +| actions.js:9:16:9:20 | title | semmle.label | title | +| actions.js:18:9:18:63 | head_ref | semmle.label | head_ref | +| actions.js:18:20:18:63 | github. ... ead.ref | semmle.label | github. ... ead.ref | +| actions.js:19:14:19:31 | `echo ${head_ref}` | semmle.label | `echo ${head_ref}` | +| actions.js:19:22:19:29 | head_ref | semmle.label | head_ref | +| child_process-test.js:6:9:6:49 | cmd | semmle.label | cmd | +| child_process-test.js:6:15:6:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:25:6:31 | req.url | semmle.label | req.url | +| child_process-test.js:17:13:17:15 | cmd | semmle.label | cmd | +| child_process-test.js:18:17:18:19 | cmd | semmle.label | cmd | +| child_process-test.js:19:17:19:19 | cmd | semmle.label | cmd | +| child_process-test.js:20:21:20:23 | cmd | semmle.label | cmd | +| child_process-test.js:21:14:21:16 | cmd | semmle.label | cmd | +| child_process-test.js:22:18:22:20 | cmd | semmle.label | cmd | +| child_process-test.js:23:13:23:15 | cmd | semmle.label | cmd | +| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | semmle.label | "foo" + cmd + "bar" | +| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd | +| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd | +| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd | +| child_process-test.js:48:5:48:8 | [post update] args [1] | semmle.label | [post update] args [1] | +| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd | +| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd | +| child_process-test.js:49:15:49:18 | args [1] | semmle.label | args [1] | +| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd 
| +| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | semmle.label | ['/C', ... at(cmd) | +| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd | +| child_process-test.js:66:19:66:22 | args | semmle.label | args | +| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd | +| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url | +| child_process-test.js:75:29:75:31 | cmd | semmle.label | cmd | +| child_process-test.js:83:19:83:36 | req.query.fileName | semmle.label | req.query.fileName | +| child_process-test.js:94:11:94:35 | "ping " ... ms.host | semmle.label | "ping " ... ms.host | +| child_process-test.js:94:21:94:30 | ctx.params | semmle.label | ctx.params | +| exec-sh2.js:9:17:9:23 | command | semmle.label | command | +| exec-sh2.js:10:40:10:46 | command | semmle.label | command | +| exec-sh2.js:14:9:14:49 | cmd | semmle.label | cmd | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| exec-sh2.js:14:25:14:31 | req.url | semmle.label | req.url | +| exec-sh2.js:15:12:15:14 | cmd | semmle.label | cmd | +| exec-sh.js:13:17:13:23 | command | semmle.label | command | +| exec-sh.js:15:44:15:50 | command | semmle.label | command | +| exec-sh.js:19:9:19:49 | cmd | semmle.label | cmd | +| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url | +| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd | +| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] | +| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] | +| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] | +| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:24:14:30 | command | semmle.label | command | +| execSeries.js:14:41:14:47 | command | semmle.label | command | +| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd | +| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) | +| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url | +| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] | +| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd | +| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:9:19:9:26 | req.file | semmle.label | req.file | +| form-parsers.js:13:3:13:11 | req.files | semmle.label | req.files | +| form-parsers.js:13:21:13:24 | file | semmle.label | file | +| form-parsers.js:14:10:14:37 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:14:21:14:24 | file | semmle.label | file | +| form-parsers.js:24:48:24:55 | filename | semmle.label | filename | +| form-parsers.js:25:10:25:28 | "touch " + filename | semmle.label | "touch " + filename | +| form-parsers.js:25:21:25:28 | filename | semmle.label | filename | +| form-parsers.js:35:25:35:30 | fields | semmle.label | fields | +| form-parsers.js:36:10:36:31 | "touch ... ds.name | semmle.label | "touch ... 
ds.name | +| form-parsers.js:36:21:36:26 | fields | semmle.label | fields | +| form-parsers.js:40:26:40:31 | fields | semmle.label | fields | +| form-parsers.js:41:10:41:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:41:21:41:26 | fields | semmle.label | fields | +| form-parsers.js:52:34:52:39 | fields | semmle.label | fields | +| form-parsers.js:53:10:53:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:53:21:53:26 | fields | semmle.label | fields | +| form-parsers.js:58:30:58:33 | part | semmle.label | part | +| form-parsers.js:59:10:59:33 | "touch ... ilename | semmle.label | "touch ... ilename | +| form-parsers.js:59:21:59:24 | part | semmle.label | part | +| other.js:5:9:5:49 | cmd | semmle.label | cmd | +| other.js:5:15:5:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| other.js:5:25:5:31 | req.url | semmle.label | req.url | +| other.js:7:33:7:35 | cmd | semmle.label | cmd | +| other.js:8:28:8:30 | cmd | semmle.label | cmd | +| other.js:9:32:9:34 | cmd | semmle.label | cmd | +| other.js:10:29:10:31 | cmd | semmle.label | cmd | +| other.js:11:29:11:31 | cmd | semmle.label | cmd | +| other.js:12:27:12:29 | cmd | semmle.label | cmd | +| other.js:14:28:14:30 | cmd | semmle.label | cmd | +| other.js:15:34:15:36 | cmd | semmle.label | cmd | +| other.js:16:21:16:23 | cmd | semmle.label | cmd | +| other.js:17:27:17:29 | cmd | semmle.label | cmd | +| other.js:18:22:18:24 | cmd | semmle.label | cmd | +| other.js:19:36:19:38 | cmd | semmle.label | cmd | +| other.js:22:21:22:23 | cmd | semmle.label | cmd | +| other.js:23:28:23:30 | cmd | semmle.label | cmd | +| other.js:26:34:26:36 | cmd | semmle.label | cmd | +| other.js:28:27:28:29 | cmd | semmle.label | cmd | +| other.js:30:33:30:35 | cmd | semmle.label | cmd | +| other.js:34:44:34:46 | cmd | semmle.label | cmd | +| third-party-command-injection.js:5:20:5:26 | command | semmle.label | command | +| 
third-party-command-injection.js:6:21:6:27 | command | semmle.label | command | +subpaths #select | actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | | actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | 
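Review bot: A few rows in the regenerated edges and nodes sections are still emitted twice, while nearly every other duplicate from the old output is gone. Examples are the edges from child_process-test.js:6:9:6:49 cmd to 48:15:48:17 cmd and to 56:54:56:56 cmd, the edge from 6:15:6:38 to 6:15:6:49 url.par ... ry.path, and the matching node rows. If each pair is two distinct data flow nodes that share a location and label, please say so in the PR description so the expected file is not read as leftover duplication. If not, the duplicates should be tracked down before this output is accepted as the new baseline.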
@@ -385,6 +229,7 @@ edges | child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | | child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | | child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | +| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | | child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value | | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value | | child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value | 
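Review bot: The added row for child_process-test.js:67:3:67:21 reports cp.spawn(cmd, args) a second time with the same source (6:25:6:31 req.url), differing only in the sink (66:19:66:22 args instead of 48:15:48:17 cmd), so one call now produces two alerts. This appears to come from the new edges 48:5:48:8 [post update] args [1] to 49:15:49:18 args [1] to 66:19:66:22 args in the previous hunk, where the last step goes from the array element to the whole array. Please confirm the extra result is intended. If it is, a change note would help users who see their alert counts shift. If it is not, the query should keep a single sink per call site.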
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql index 809ac986edc..77e19c320df 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-078/Consistency.ql @@ -1,12 +1,12 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.CommandInjectionQuery as CommandInjection import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery as IndirectCommandInjection import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery as ShellCommandInjectionFromEnvironment import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery as UnsafeShellCommandConstruction import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery as SecondOrderCommandInjectionQuery -class CommandInjectionConsistency extends ConsistencyConfiguration { +deprecated class CommandInjectionConsistency extends ConsistencyConfiguration { CommandInjectionConsistency() { this = "ComandInjection" } override File getAFile() { not result.getBaseName() = "uselesscat.js" } @@ -14,7 +14,7 @@ class CommandInjectionConsistency extends ConsistencyConfiguration { import semmle.javascript.security.UselessUseOfCat -class UselessCatConsistency extends ConsistencyConfiguration { +deprecated class UselessCatConsistency extends ConsistencyConfiguration { UselessCatConsistency() { this = "Cat" } override DataFlow::Node getAnAlert() { result instanceof UselessCat } diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 47d8d4adcb1..b8ce07f4ca8 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected 
@@ -1,427 +1,296 @@ -nodes -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:7:15:7:15 | e | -| actions.js:8:10:8:10 | e | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | -| actions.js:12:6:12:16 | process.env | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) | -| command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... 
Args[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... 
rgs")() | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... 
rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... 
nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 
2)).foo | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... 
ags.foo | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... 
tions}) | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... 
zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | edges -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... 
_DATA'] | -| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | 
fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... 
lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... 
rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... 
parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... 
').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... 
nt1rest | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... 
').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 
2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... 
s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... 
s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... 
nput[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| 
command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... 
zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... 
zzaType | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | provenance | | +| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | provenance | | +| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | provenance | | +| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | provenance | | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | | +| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | | +| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | | +| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | provenance | | +| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | 
fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... 
Args[0] | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... 
lice(2) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | provenance | | +| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | | +| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | provenance | | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | provenance | | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... 
rgv.foo | provenance | | +| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | provenance | | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | provenance | | +| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | provenance | | +| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | provenance | | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | provenance | | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | provenance | | +| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... 
parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | provenance | | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | provenance | | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 
2rest}} [taint2] | provenance | | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | provenance | | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | provenance | | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | provenance | | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | provenance | | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | provenance | | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... 
').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | provenance | | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | provenance | | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | provenance | | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... 
lice(2) | provenance | | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | provenance | | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | provenance | | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | provenance | | +| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | provenance | | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | provenance | | +| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... 
ons.foo | provenance | | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | provenance | | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | provenance | | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | provenance | | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | provenance | | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | provenance | | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | provenance | | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | provenance | | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | provenance | | +| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | provenance | | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... 
zzaType | provenance | | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | provenance | | +nodes +| actions.js:4:6:4:16 | process.env | semmle.label | process.env | +| actions.js:4:6:4:29 | process ... _DATA'] | semmle.label | process ... _DATA'] | +| actions.js:7:15:7:15 | e | semmle.label | e | +| actions.js:8:10:8:10 | e | semmle.label | e | +| actions.js:8:10:8:23 | e['TEST_DATA'] | semmle.label | e['TEST_DATA'] | +| actions.js:12:6:12:16 | process.env | semmle.label | process.env | +| actions.js:14:6:14:21 | getInput('data') | semmle.label | getInput('data') | +| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | semmle.label | "cmd.sh ... 
argv[2] | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:6:10:33 | args | semmle.label | args | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] | +| command-line-parameter-command-injection.js:11:14:11:17 | args | semmle.label | args | +| command-line-parameter-command-injection.js:11:14:11:17 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | semmle.label | args[0] | +| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | semmle.label | "cmd.sh " + args[0] | +| command-line-parameter-command-injection.js:12:26:12:29 | args | semmle.label | args | +| command-line-parameter-command-injection.js:12:26:12:29 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | semmle.label | args[0] | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] | +| command-line-parameter-command-injection.js:14:18:14:21 | args | semmle.label | args | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | semmle.label | args.slice(1) | +| 
command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) [ArrayElement] | semmle.label | args.slice(1) [ArrayElement] | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] | +| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | semmle.label | fewerArgs[0] | +| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | semmle.label | "cmd.sh ... Args[0] | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] | +| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | semmle.label | fewerArgs[0] | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs [ArrayElement] | semmle.label | fewerArgs [ArrayElement] | +| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | semmle.label | fewerArgs[0] | +| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:24:8:24:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | semmle.label | process.argv | +| 
command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] | +| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:26:32:26:35 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | semmle.label | args[0] | +| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | semmle.label | args.join(' ') | +| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | semmle.label | "cmd.sh ... )().foo | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | semmle.label | require ... rgs")() | +| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | semmle.label | require ... ").argv | +| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | semmle.label | require ... 
").argv | +| command-line-parameter-command-injection.js:36:6:39:7 | args | semmle.label | args | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | semmle.label | require ... \\t\\t.argv | +| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:41:22:41:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | semmle.label | "cmd.sh ... e().foo | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:47:8:53:12 | args | semmle.label | args | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | semmle.label | argv: { ... rgs\\n\\t\\t} | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | semmle.label | {\\n\\t\\t\\t...args\\n\\t\\t} | +| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:55:22:55:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | semmle.label | {taint1 ... 2rest}} [taint1] | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | semmle.label | {taint1 ... 
2rest}} [taint2] | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | semmle.label | taint1: ... t1rest} | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | semmle.label | {...taint1rest} | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | semmle.label | taint2: ... t2rest} | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | semmle.label | {...taint2rest} | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | semmle.label | "cmd.sh ... nt1rest | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | semmle.label | "cmd.sh ... nt2rest | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | semmle.label | {...taint3} | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | semmle.label | require ... 
').argv | +| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | semmle.label | "cmd.sh " + taint3 | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | semmle.label | [...taint4] | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | semmle.label | "cmd.sh " + taint4 | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | semmle.label | "cmd.sh ... gv).foo | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | semmle.label | minimist(argv) | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | semmle.label | subarg( ... ice(2)) | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 
2)).foo | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | semmle.label | yargsPa ... ice(2)) | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | semmle.label | args.pa ... s.argv) | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | semmle.label | require ... .spec}) | +| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | semmle.label | "cmd.sh ... s().foo | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | semmle.label | parser.parse_args() | +| command-line-parameter-command-injection.js:107:8:107:51 | options | semmle.label | options | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | semmle.label | command ... itions) | +| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | semmle.label | "cmd.sh ... 
ons.foo | +| command-line-parameter-command-injection.js:108:22:108:28 | options | semmle.label | options | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | semmle.label | meow(`h ... lags}}) | +| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | semmle.label | "cmd.sh ... nput[0] | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | semmle.label | dashdas ... tions}) | +| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | semmle.label | parser.parse() | +| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:133:8:133:41 | program | semmle.label | program | +| command-line-parameter-command-injection.js:133:10:133:16 | program | semmle.label | program | +| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | semmle.label | program ... 
zzaType | +| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:137:22:137:28 | program | semmle.label | program | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | semmle.label | program.pizzaType | +| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | semmle.label | program ... zzaType | +| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | semmle.label | program.pizzaType | +subpaths #select | actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | | actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected index 653a4dcff9b..e449f163d46 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected 
@@ -1,51 +1,26 @@ nodes -| second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:26:35:26:40 | remote | -| second-order.js:26:35:26:40 | remote | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | +| second-order.js:6:9:6:33 | remote | semmle.label | remote | +| second-order.js:6:18:6:33 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:7:33:7:38 | remote | semmle.label | remote | +| second-order.js:9:29:9:34 | remote | semmle.label | remote | +| second-order.js:11:33:11:38 | remote | semmle.label | remote | +| second-order.js:13:9:13:31 | myArgs | semmle.label | myArgs | +| second-order.js:13:18:13:31 | req.query.args | semmle.label | req.query.args | +| second-order.js:15:19:15:24 | myArgs | semmle.label | myArgs | +| second-order.js:26:35:26:40 | remote | semmle.label | remote | +| second-order.js:29:19:29:32 | req.query.args | 
semmle.label | req.query.args | +| second-order.js:40:28:40:43 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args | edges -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | +| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | | +| 
second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | | +| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | | +| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | | +| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | | +subpaths #select | second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | | second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected index 7bea597fc28..046d83da058 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected 
@@ -1,32 +1,21 @@ -nodes -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | edges -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... 
"temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... 
"temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | provenance | | +nodes +| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | semmle.label | __dirname | +subpaths #select | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path | | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... 
"temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected index f2fa354a305..0e0cf297fa2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected 
@@ -1,804 +1,361 @@ -nodes -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | -| lib/lib.js:64:41:64:44 | name | -| 
lib/lib.js:65:22:65:25 | name | -| lib/lib.js:65:22:65:25 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | -| lib/lib.js:170:41:170:44 | 
name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | -| lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:261:30:261:33 | name | -| 
lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:330:9:330:9 | x | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:25:340:25 | n | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:405:39:405:42 | name | -| lib/lib.js:405:39:405:42 | name | -| 
lib/lib.js:406:22:406:25 | name | -| lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:29:428:50 | name ? ... 
:' : '' | -| lib/lib.js:428:36:428:39 | name | -| lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:431:23:431:26 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:551:33:551:36 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:555:33:555:36 | name | -| lib/lib.js:555:33:555:36 | name | -| 
lib/lib.js:558:41:558:44 | name | -| lib/lib.js:558:41:558:44 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/lib.js:632:38:632:41 | name | -| lib/lib.js:632:38:632:41 | name | -| lib/lib.js:633:6:633:68 | sanitized | -| lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | -| lib/lib.js:633:24:633:27 | name | -| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | -| lib/lib.js:633:24:633:62 | name.re ... 
'\\\\''") | -| lib/lib.js:634:22:634:30 | sanitized | -| lib/lib.js:634:22:634:30 | sanitized | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | edges -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | 
-| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| 
lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | 
-| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | -| lib/lib.js:91:28:91:31 | name | 
lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name 
| -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:15:181:52 | "'" + n ... 
) + "'" | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | 
-| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| 
lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | 
lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:23 | opts | lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| 
lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | -| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| 
lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:425:12:425:13 | [] | lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:426:11:426:14 | name | lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | -| lib/lib.js:428:29:428:50 | name ? ... :' : '' | lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:428:36:428:45 | name + ':' | lib/lib.js:428:29:428:50 | name ? ... :' : '' | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name 
| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | 
lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | -| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | 
name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | 
lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:27 | name | -| lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:27 | name | -| lib/lib.js:633:6:633:68 | sanitized | lib/lib.js:634:22:634:30 | sanitized | -| lib/lib.js:633:6:633:68 | sanitized | lib/lib.js:634:22:634:30 | sanitized | -| lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | lib/lib.js:633:6:633:68 | sanitized | -| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | -| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | -| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | lib/lib.js:633:18:633:68 | "'" + n ... ) + "'" | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| 
lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | +| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | provenance | | +| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | provenance | | +| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | provenance | | +| 
lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | provenance | | +| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | provenance | | +| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | provenance | | +| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | provenance | | +| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | provenance | | +| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | provenance | | +| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | provenance | | +| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | provenance | | +| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | provenance | | +| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | provenance | | +| 
lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | provenance | | +| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | provenance | | +| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | provenance | | +| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | provenance | | +| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | provenance | | +| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | provenance | | +| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | provenance | | +| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | provenance | | +| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:46 | name.re ... 
"'\\''") | lib/lib.js:181:6:181:52 | broken | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | provenance | | +| lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:251:27:251:30 | name | provenance | | +| lib/lib.js:251:6:251:31 | cleaned | lib/lib.js:253:22:253:28 | cleaned | provenance | | +| lib/lib.js:251:16:251:31 | cleanInput(name) | lib/lib.js:251:6:251:31 | cleaned | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:251:16:251:31 | cleanInput(name) | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | provenance | | +| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | provenance | | +| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | provenance | | +| 
lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | provenance | | +| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | provenance | | +| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | provenance | | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | lib/lib.js:281:23:281:26 | this [opts, bla] | provenance | | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | provenance | | +| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | provenance | | +| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:26 | this [opts, bla] | lib/lib.js:281:23:281:31 | this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:31 | this.opts [bla] | lib/lib.js:281:23:281:35 | this.opts.bla | provenance | | +| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | provenance | | +| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | provenance | | +| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | provenance | | +| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | provenance | | +| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | provenance | | +| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | 
lib/lib.js:418:25:418:28 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance | | +| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:427:14:427:16 | arr | provenance | | +| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance | | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance | | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | provenance | | +| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... 
) + '-' | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:437:9:437:11 | arr | provenance | | +| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | lib/lib.js:437:9:437:11 | arr [ArrayElement] | provenance | | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | provenance | | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | provenance | | +| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | | +| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | provenance | | +| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | provenance | | +| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | provenance | | +| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | provenance | | +| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | 
lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:551:33:551:36 | args [1] | lib/lib.js:552:23:552:26 | args | provenance | | +| lib/lib.js:555:25:555:37 | ["-rf", name] [1] | lib/lib.js:551:33:551:36 | args [1] | provenance | | +| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] [1] | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | provenance | | +| lib/lib.js:632:38:632:41 | name | lib/lib.js:633:24:633:27 | name | provenance | | +| lib/lib.js:633:6:633:68 | sanitized | lib/lib.js:634:22:634:30 | sanitized | provenance | | +| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | provenance | | +| lib/lib.js:633:24:633:27 | name | lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | provenance | | +| lib/lib.js:633:24:633:62 | name.re ... 
'\\\\''") | lib/lib.js:633:6:633:68 | sanitized | provenance | | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | provenance | | +| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | provenance | | +| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | provenance | | +| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | provenance | | +| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | provenance | | +| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | provenance | | +| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | provenance | | +| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | provenance | | +nodes +| lib/isImported.js:5:49:5:52 | name | semmle.label | name | +| lib/isImported.js:6:22:6:25 | name | semmle.label | name | +| lib/lib2.js:3:28:3:31 | name | semmle.label | name | +| lib/lib2.js:4:22:4:25 | name | semmle.label | name | +| lib/lib2.js:7:32:7:35 | name | semmle.label | name | +| lib/lib2.js:8:22:8:25 | name | semmle.label | name | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:22:4:25 | name | semmle.label | name | +| lib/lib.js:10:32:10:35 | name | semmle.label | name | +| lib/lib.js:11:22:11:25 | name | semmle.label | name | +| lib/lib.js:14:36:14:39 | name | semmle.label | name | +| lib/lib.js:15:22:15:25 | name | semmle.label | name | +| lib/lib.js:19:34:19:37 | name | semmle.label | name | +| lib/lib.js:20:22:20:25 | name | semmle.label | name | +| lib/lib.js:26:35:26:38 | name | semmle.label | name | +| lib/lib.js:27:22:27:25 | name | semmle.label | name | 
+| lib/lib.js:34:14:34:17 | name | semmle.label | name | +| lib/lib.js:35:23:35:26 | name | semmle.label | name | +| lib/lib.js:37:13:37:16 | name | semmle.label | name | +| lib/lib.js:38:23:38:26 | name | semmle.label | name | +| lib/lib.js:40:6:40:9 | name | semmle.label | name | +| lib/lib.js:41:23:41:26 | name | semmle.label | name | +| lib/lib.js:49:31:49:34 | name | semmle.label | name | +| lib/lib.js:50:47:50:50 | name | semmle.label | name | +| lib/lib.js:53:33:53:36 | name | semmle.label | name | +| lib/lib.js:54:25:54:28 | name | semmle.label | name | +| lib/lib.js:57:25:57:28 | name | semmle.label | name | +| lib/lib.js:64:41:64:44 | name | semmle.label | name | +| lib/lib.js:65:22:65:25 | name | semmle.label | name | +| lib/lib.js:69:27:69:30 | name | semmle.label | name | +| lib/lib.js:71:28:71:31 | name | semmle.label | name | +| lib/lib.js:73:21:73:24 | name | semmle.label | name | +| lib/lib.js:75:20:75:23 | name | semmle.label | name | +| lib/lib.js:77:28:77:31 | name | semmle.label | name | +| lib/lib.js:82:35:82:38 | name | semmle.label | name | +| lib/lib.js:83:22:83:25 | name | semmle.label | name | +| lib/lib.js:86:13:86:16 | name | semmle.label | name | +| lib/lib.js:89:21:89:24 | name | semmle.label | name | +| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | semmle.label | "\\"" + name + "\\"" | +| lib/lib.js:91:28:91:31 | name | semmle.label | name | +| lib/lib.js:97:35:97:38 | name | semmle.label | name | +| lib/lib.js:98:35:98:38 | name | semmle.label | name | +| lib/lib.js:100:37:100:40 | name | semmle.label | name | +| lib/lib.js:102:46:102:49 | name | semmle.label | name | +| lib/lib.js:108:41:108:44 | name | semmle.label | name | +| lib/lib.js:111:34:111:37 | name | semmle.label | name | +| lib/lib.js:112:22:112:25 | name | semmle.label | name | +| lib/lib.js:120:33:120:36 | name | semmle.label | name | +| lib/lib.js:121:22:121:25 | name | semmle.label | name | +| lib/lib.js:130:6:130:9 | name | semmle.label | name | +| 
lib/lib.js:131:23:131:26 | name | semmle.label | name | +| lib/lib.js:148:37:148:40 | name | semmle.label | name | +| lib/lib.js:149:24:149:27 | name | semmle.label | name | +| lib/lib.js:155:38:155:41 | name | semmle.label | name | +| lib/lib.js:161:25:161:28 | name | semmle.label | name | +| lib/lib.js:170:41:170:44 | name | semmle.label | name | +| lib/lib.js:173:20:173:23 | name | semmle.label | name | +| lib/lib.js:177:38:177:41 | name | semmle.label | name | +| lib/lib.js:181:6:181:52 | broken | semmle.label | broken | +| lib/lib.js:181:21:181:24 | name | semmle.label | name | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:182:22:182:27 | broken | semmle.label | broken | +| lib/lib.js:186:34:186:37 | name | semmle.label | name | +| lib/lib.js:187:22:187:25 | name | semmle.label | name | +| lib/lib.js:190:23:190:26 | name | semmle.label | name | +| lib/lib.js:196:45:196:48 | name | semmle.label | name | +| lib/lib.js:197:22:197:25 | name | semmle.label | name | +| lib/lib.js:200:23:200:26 | name | semmle.label | name | +| lib/lib.js:206:45:206:48 | name | semmle.label | name | +| lib/lib.js:207:22:207:25 | name | semmle.label | name | +| lib/lib.js:212:23:212:26 | name | semmle.label | name | +| lib/lib.js:216:39:216:42 | name | semmle.label | name | +| lib/lib.js:217:22:217:25 | name | semmle.label | name | +| lib/lib.js:220:23:220:26 | name | semmle.label | name | +| lib/lib.js:224:22:224:25 | name | semmle.label | name | +| lib/lib.js:227:39:227:42 | name | semmle.label | name | +| lib/lib.js:228:22:228:25 | name | semmle.label | name | +| lib/lib.js:236:22:236:25 | name | semmle.label | name | +| lib/lib.js:239:28:239:28 | s | semmle.label | s | +| lib/lib.js:245:9:245:9 | s | semmle.label | s | +| lib/lib.js:248:42:248:45 | name | semmle.label | name | +| lib/lib.js:249:22:249:25 | name | semmle.label | name 
| +| lib/lib.js:251:6:251:31 | cleaned | semmle.label | cleaned | +| lib/lib.js:251:16:251:31 | cleanInput(name) | semmle.label | cleanInput(name) | +| lib/lib.js:251:27:251:30 | name | semmle.label | name | +| lib/lib.js:253:22:253:28 | cleaned | semmle.label | cleaned | +| lib/lib.js:257:35:257:38 | name | semmle.label | name | +| lib/lib.js:258:22:258:25 | name | semmle.label | name | +| lib/lib.js:261:30:261:33 | name | semmle.label | name | +| lib/lib.js:267:46:267:48 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:24 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:32 | obj.version | semmle.label | obj.version | +| lib/lib.js:276:8:276:11 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:26 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:30 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | semmle.label | [post update] this [opts, bla] | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | semmle.label | [post update] this.opts [bla] | +| lib/lib.js:279:19:279:22 | opts | semmle.label | opts | +| lib/lib.js:279:19:279:26 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:281:23:281:26 | this [opts, bla] | semmle.label | this [opts, bla] | +| lib/lib.js:281:23:281:31 | this.opts [bla] | semmle.label | this.opts [bla] | +| lib/lib.js:281:23:281:35 | this.opts.bla | semmle.label | this.opts.bla | +| lib/lib.js:307:39:307:42 | name | semmle.label | name | +| lib/lib.js:308:23:308:26 | name | semmle.label | name | +| lib/lib.js:314:40:314:43 | name | semmle.label | name | +| lib/lib.js:315:22:315:25 | name | semmle.label | name | +| lib/lib.js:320:23:320:26 | name | semmle.label | name | +| lib/lib.js:324:40:324:42 | arg | semmle.label | arg | +| lib/lib.js:325:49:325:51 | arg | semmle.label | arg | +| lib/lib.js:329:13:329:13 | x | semmle.label | x | +| lib/lib.js:330:9:330:9 | x | semmle.label | x | +| lib/lib.js:339:39:339:39 | n | semmle.label | n | +| lib/lib.js:340:22:340:26 
| id(n) | semmle.label | id(n) | +| lib/lib.js:340:25:340:25 | n | semmle.label | n | +| lib/lib.js:349:29:349:34 | unsafe | semmle.label | unsafe | +| lib/lib.js:351:22:351:27 | unsafe | semmle.label | unsafe | +| lib/lib.js:405:39:405:42 | name | semmle.label | name | +| lib/lib.js:406:22:406:25 | name | semmle.label | name | +| lib/lib.js:414:40:414:43 | name | semmle.label | name | +| lib/lib.js:415:22:415:25 | name | semmle.label | name | +| lib/lib.js:417:28:417:31 | name | semmle.label | name | +| lib/lib.js:418:25:418:28 | name | semmle.label | name | +| lib/lib.js:419:32:419:35 | name | semmle.label | name | +| lib/lib.js:420:29:420:32 | name | semmle.label | name | +| lib/lib.js:424:24:424:27 | name | semmle.label | name | +| lib/lib.js:426:2:426:4 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:427:14:427:16 | arr | semmle.label | arr | +| lib/lib.js:428:14:428:58 | build(" ... + '-') | semmle.label | build(" ... + '-') | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... 
) + '-' | +| lib/lib.js:428:36:428:39 | name | semmle.label | name | +| lib/lib.js:431:23:431:26 | last | semmle.label | last | +| lib/lib.js:436:10:436:12 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:437:9:437:11 | arr | semmle.label | arr | +| lib/lib.js:437:9:437:11 | arr [ArrayElement] | semmle.label | arr [ArrayElement] | +| lib/lib.js:441:39:441:42 | name | semmle.label | name | +| lib/lib.js:442:24:442:27 | name | semmle.label | name | +| lib/lib.js:446:20:446:23 | name | semmle.label | name | +| lib/lib.js:447:25:447:28 | name | semmle.label | name | +| lib/lib.js:477:33:477:38 | config | semmle.label | config | +| lib/lib.js:478:27:478:32 | config | semmle.label | config | +| lib/lib.js:478:27:478:46 | config.installedPath | semmle.label | config.installedPath | +| lib/lib.js:482:40:482:43 | name | semmle.label | name | +| lib/lib.js:483:30:483:33 | name | semmle.label | name | +| lib/lib.js:498:45:498:48 | name | semmle.label | name | +| lib/lib.js:499:31:499:34 | name | semmle.label | name | +| lib/lib.js:509:39:509:42 | name | semmle.label | name | +| lib/lib.js:510:22:510:25 | name | semmle.label | name | +| lib/lib.js:513:23:513:26 | name | semmle.label | name | +| lib/lib.js:519:23:519:26 | name | semmle.label | name | +| lib/lib.js:525:23:525:26 | name | semmle.label | name | +| lib/lib.js:531:23:531:26 | name | semmle.label | name | +| lib/lib.js:537:23:537:26 | name | semmle.label | name | +| lib/lib.js:543:23:543:26 | name | semmle.label | name | +| lib/lib.js:545:23:545:26 | name | semmle.label | name | +| lib/lib.js:550:39:550:42 | name | semmle.label | name | +| lib/lib.js:551:33:551:36 | args [1] | semmle.label | args [1] | +| lib/lib.js:552:23:552:26 | args | semmle.label | args | +| 
lib/lib.js:555:25:555:37 | ["-rf", name] [1] | semmle.label | ["-rf", name] [1] | +| lib/lib.js:555:33:555:36 | name | semmle.label | name | +| lib/lib.js:555:33:555:36 | name | semmle.label | name | +| lib/lib.js:558:41:558:44 | name | semmle.label | name | +| lib/lib.js:560:26:560:29 | name | semmle.label | name | +| lib/lib.js:562:26:562:29 | name | semmle.label | name | +| lib/lib.js:566:26:566:29 | name | semmle.label | name | +| lib/lib.js:572:41:572:44 | name | semmle.label | name | +| lib/lib.js:573:22:573:25 | name | semmle.label | name | +| lib/lib.js:579:25:579:28 | name | semmle.label | name | +| lib/lib.js:590:29:590:32 | name | semmle.label | name | +| lib/lib.js:593:25:593:28 | name | semmle.label | name | +| lib/lib.js:608:42:608:45 | name | semmle.label | name | +| lib/lib.js:609:22:609:25 | name | semmle.label | name | +| lib/lib.js:626:29:626:32 | name | semmle.label | name | +| lib/lib.js:629:25:629:28 | name | semmle.label | name | +| lib/lib.js:632:38:632:41 | name | semmle.label | name | +| lib/lib.js:633:6:633:68 | sanitized | semmle.label | sanitized | +| lib/lib.js:633:24:633:27 | name | semmle.label | name | +| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | semmle.label | name.re ... '\\\\''") | +| lib/lib.js:633:24:633:62 | name.re ... '\\\\''") | semmle.label | name.re ... 
'\\\\''") | +| lib/lib.js:634:22:634:30 | sanitized | semmle.label | sanitized | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | semmle.label | name | +| lib/subLib2/compiled-file.ts:4:25:4:28 | name | semmle.label | name | +| lib/subLib2/special-file.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib2/special-file.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib3/my-file.ts:3:28:3:31 | name | semmle.label | name | +| lib/subLib3/my-file.ts:4:22:4:25 | name | semmle.label | name | +| lib/subLib4/index.js:6:32:6:35 | name | semmle.label | name | +| lib/subLib4/index.js:7:18:7:21 | name | semmle.label | name | +| lib/subLib4/subsub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib4/subsub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/amdSub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/amdSub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/index.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:7:32:7:35 | name | semmle.label | name | +| lib/subLib/index.js:8:22:8:25 | name | semmle.label | name | +| lib/subLib/index.js:13:44:13:46 | arr | semmle.label | arr | +| lib/subLib/index.js:14:22:14:24 | arr | semmle.label | arr | +subpaths +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr | lib/lib.js:428:14:428:58 | build(" ... + '-') | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ... 
+ '-') | #select | lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command | | lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command | 
@@ -848,6 +405,7 @@ edges | lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command | | lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command | | lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command | +| lib/lib.js:253:10:253:28 | "rm -rf " + cleaned | lib/lib.js:248:42:248:45 | name | lib/lib.js:253:22:253:28 | cleaned | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:253:2:253:29 | cp.exec ... leaned) | shell command | | lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command | | lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command | | lib/lib.js:268:10:268:32 | "rm -rf ... 
version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command | 
@@ -859,7 +417,6 @@ edges | lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command | | lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command | | lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command | -| lib/lib.js:366:17:366:56 | "learn ... + model | lib/lib.js:360:20:360:23 | opts | lib/lib.js:366:28:366:42 | this.learn_args | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:360:20:360:23 | opts | library input | lib/lib.js:367:3:367:18 | cp.exec(command) | shell command | | lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command | | lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... 
+ name) | shell command | | lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js index 09488f0a887..75fda009000 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js @@ -250,7 +250,7 @@ module.exports.goodSanitizer = function (name) { var cleaned = cleanInput(name); - cp.exec("rm -rf " + cleaned); // OK + cp.exec("rm -rf " + cleaned); // OK - But FP due to SanitizingRegExpTest not being able to generate a barrier edge for an edge into a phi node. } var fs = require("fs"); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql index f2ed6338494..87b27a68998 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql @@ -1,3 +1,9 @@ import javascript -import utils.test.ConsistencyChecking -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomXss +deprecated import utils.test.ConsistencyChecking +import semmle.javascript.security.dataflow.DomBasedXssQuery + +deprecated class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) } +} 
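Review bot: The `#select` hunk at `@@ -859,7 +417,6 @@` of UnsafeShellCommandConstruction.expected drops the row for lib/lib.js:366 (`opts` reaching `this.learn_args` and then `cp.exec(command)`), and nothing in the test source records why. The lib.js diff that follows has a single hunk at line 250, so line 366 carries no updated annotation. If this result is now knowingly missed, mark it in lib.js next to the `cp.exec(command)` call in the same way the line 253 case is marked, so the lost alert stays visible to whoever next touches the flow library. If the alert was wrong before, say so in the commit message.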
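Review bot: In the lib.js hunk, the `goodSanitizer` annotation now reads `// OK - But FP ...`, and the matching `+` row for lib/lib.js:253 in the `.expected` `#select` section makes that false positive part of the accepted output, with no reference for undoing it. The comment names the cause (SanitizingRegExpTest cannot generate a barrier edge for an edge into a phi node), which is useful. Add an issue link or a TODO beside it so that the expected row is removed once barrier handling for phi nodes is restored. Until then, a regression in the `cleanInput` sanitizer path cannot be told apart from this known false positive.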
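Review bot: In ConsistencyDomBasedXss.ql, the newly added `ConsistencyConfig` class and the `utils.test.ConsistencyChecking` import are both marked `deprecated`, with no comment saying why new test code is deprecated on arrival or what it should move to. Add a short QLDoc line on the class stating the reason and the intended replacement. Please also confirm that dropping the `as DomXss` alias leaves no unqualified name clashes, since `DomBasedXssFlow::flow(_, result)` now resolves through an unaliased import.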
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index 9b764729c99..c8f12b176f8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected 
@@ -1,2416 +1,1182 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:13:30:13:31 | ev | -| angular-tempate-url.js:13:30:13:31 | ev | -| angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:14:26:14:32 | ev.data | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... 
w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... 
/html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... 
ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... 
(taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. 
... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... 
aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... 
/html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... 
d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| 
react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| 
react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... 
local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:508:7:508:39 | target | -| tst.js:508:16:508:39 | documen ... .search | -| tst.js:508:16:508:39 | documen ... .search | -| tst.js:509:18:509:23 | target | -| tst.js:509:18:509:54 | target. ... "), '') | -| tst.js:509:18:509:54 | target. ... "), '') | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... 
/html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... 
)(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... 
taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... 
(taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:4:5:4:11 | tainted | semmle.label | tainted | +| jquery.js:5:13:5:19 | tainted | semmle.label | tainted | +| jquery.js:6:11:6:17 | tainted | semmle.label | tainted | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... 
?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... 
.search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... 
target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... 
r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| 
react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... 
on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... 
on.href | +| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url | +| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href | +| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] | +| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 
'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... 
Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... 
.search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:357:20:357:25 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... 
bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| tst.js:508:7:508:39 | target | semmle.label | target | +| tst.js:508:16:508:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:509:18:509:23 | target | semmle.label | target | +| tst.js:509:18:509:54 | target. ... "), '') | semmle.label | target. ... "), '') | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:10:18:105 | '
') [ArrayElement] | semmle.label | '
') [ArrayElement] | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| 
addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | -| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... 
w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... 
/html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... 
/html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | 
window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... 
taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... 
aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... 
taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... 
taint) | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... 
aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... 
aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... 
/html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... 
/html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... 
ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... 
.search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... 
locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... 
sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... 
inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... 
d \|\| "" | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| 
react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | -| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | 
react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | 
react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| 
sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... 
ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... 
on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | 
tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 
'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... 
search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... 
.search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... 
hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... 
.search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... 
data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... 
.search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... 
n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | 
various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... 
.search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | +| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | | +| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | | +| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | | +| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:43:5:48 | data | provenance | | +| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | | +| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | | +| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | | +| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... 
arams.x | provenance | | +| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | provenance | | +| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | provenance | | +| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | provenance | | +| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... 
/html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... 
aint)}` | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... 
aint)}` | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... 
(taint) | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:5:13:5:19 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:6:11:6:17 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:4:5:4:11 | tainted | jquery.js:5:13:5:19 | tainted | provenance | | +| jquery.js:5:13:5:19 | tainted | jquery.js:6:11:6:17 | tainted | provenance | | +| jquery.js:6:11:6:17 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:7:20:7:26 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... 
#', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:36:25:36:31 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... 
sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... 
inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| 
sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... 
f.sup() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | | +| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | | +| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | | +| tainted-url-suffix-arguments.js:12:17:12:19 | url | tainted-url-suffix-arguments.js:3:17:3:17 | y | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:17:11:17:33 | provide [source] | tooltip.jsx:18:51:18:57 | provide [source] | provenance | | +| tooltip.jsx:17:21:17:33 | props.provide [source] | tooltip.jsx:17:11:17:33 | provide [source] | provenance | | +| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:17:21:17:33 | props.provide [source] | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | 
target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... 
search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... 
search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | provenance | | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | | +| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... 
'#')[1] | provenance | | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... 
.search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | provenance | | +| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | provenance | | +| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | provenance | | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| 
various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') [ArrayElement] | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') [ArrayElement] | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | | addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | 
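Review bot: The added `edges` rows in this hunk contain exact duplicates: `tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | |` and `tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config |` each appear twice. If these are distinct path nodes that differ only in something the row does not print, please say so in the change description. Otherwise the repeated rows make this expected file harder to review and to diff later.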
@@ -2508,7 +1274,6 @@ edges | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value | | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value | | react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | -| react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | | react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:11:24:11:35 | router.query | user-provided value | | react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:23:43:23:54 | router.query | user-provided value | | react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:33:21:33:32 | router.query | user-provided value | 
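Review bot: The removed `#select` row paired the sink at `react-use-router.js:11:24:11:42` with the source at `react-use-router.js:8:21:8:32`, while the row whose source is `react-use-router.js:11:24:11:35` stays. Please confirm that dropping this source/sink pairing is intended and mention it in the change description, so the missing alert is not later mistaken for a regression.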
@@ -2533,6 +1298,7 @@ edges | string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value | | string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value | | string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value | +| tainted-url-suffix-arguments.js:6:22:6:22 | y | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:6:22:6:22 | y | Cross-site scripting vulnerability due to $@. | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | user-provided value | | tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | | tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value | | tooltip.jsx:18:51:18:59 | provide() | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:18:51:18:59 | provide() | Cross-site scripting vulnerability due to $@. | tooltip.jsx:22:20:22:30 | window.name | user-provided value | 
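Review bot: The added `#select` row reports a new alert at `tainted-url-suffix-arguments.js:6:22:6:22` with `window.location.href` (`11:17:11:36`) as its source. Please confirm in the test source that line 6 is meant to be flagged, and annotate it there. A result that first appears in a library migration can as easily be a new false positive as a newly found true positive.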
@@ -2636,7 +1402,6 @@ edges | tst.js:501:33:501:63 | decodeU ... n.hash) | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | tst.js:501:43:501:62 | window.location.hash | user-provided value | | tst.js:509:18:509:54 | target. ... "), '') | tst.js:508:16:508:39 | documen ... .search | tst.js:509:18:509:54 | target. ... "), '') | Cross-site scripting vulnerability due to $@. | tst.js:508:16:508:39 | documen ... .search | user-provided value | | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value | -| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value | | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected index 185cae0d2d3..ce6a053abc5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected 
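Review bot: in the hunk at `@@ -2636,7 +1402,6 @@` above, the removed row drops the alert at v-html.vue:2:8:2:23 (`v-html=tainted`, source `document.location` at 6:42), and no row replaces it, so the expected output no longer contains this flow into a Vue `v-html` sink. That is a lost XSS result, not a formatting change. If the loss is known and accepted, record it in a change note with the reason; otherwise the flow to this sink should be restored before the expected file is updated.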
@@ -1,2517 +1,1218 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:13:30:13:31 | ev | -| angular-tempate-url.js:13:30:13:31 | ev | -| angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:14:26:14:32 | ev.data | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... 
w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... 
/html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... 
ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... 
(taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. 
... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... 
aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... 
/html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | -| jwt.js:5:30:5:33 | data | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| 
react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | 
window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... 
local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... 
on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:508:7:508:39 | target | -| tst.js:508:16:508:39 | documen ... .search | -| tst.js:508:16:508:39 | documen ... .search | -| tst.js:509:18:509:23 | target | -| tst.js:509:18:509:54 | target. ... "), '') | -| tst.js:509:18:509:54 | target. ... "), '') | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... 
/html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... 
)(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... 
taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... 
(taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:4:5:4:11 | tainted | semmle.label | tainted | +| jquery.js:5:13:5:19 | tainted | semmle.label | tainted | +| jquery.js:6:11:6:17 | tainted | semmle.label | tainted | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... 
?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| jwt.js:4:36:4:39 | data | semmle.label | data | +| jwt.js:5:9:5:34 | decoded | semmle.label | decoded | +| jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) | +| jwt.js:5:30:5:33 | data | semmle.label | data | +| jwt.js:6:14:6:20 | decoded | semmle.label | decoded | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... 
.search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... 
target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... 
r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| 
react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... 
on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... 
on.href | +| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y | +| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url | +| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href | +| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] | +| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 
'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... 
Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... 
.search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:357:20:357:25 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... 
bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| tst.js:508:7:508:39 | target | semmle.label | target | +| tst.js:508:16:508:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:509:18:509:23 | target | semmle.label | target | +| tst.js:509:18:509:54 | target. ... "), '') | semmle.label | target. ... "), '') | +| typeahead.js:9:28:9:30 | loc | semmle.label | loc | +| typeahead.js:10:16:10:18 | loc | semmle.label | loc | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:10:18:105 | '
') [ArrayElement] | semmle.label | '
') [ArrayElement] | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | +| xmlRequest.js:8:13:8:47 | json | semmle.label | json | +| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | semmle.label | JSON.pa ... seText) | +| xmlRequest.js:8:31:8:46 | xhr.responseText | semmle.label | xhr.responseText | +| xmlRequest.js:9:28:9:31 | json | semmle.label | json | +| xmlRequest.js:9:28:9:39 | json.message | semmle.label | json.message | +| xmlRequest.js:20:11:20:48 | resp | semmle.label | resp | +| xmlRequest.js:20:18:20:48 | await g ... rl }}") | semmle.label | await g ... rl }}") | +| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | semmle.label | got.get ... rl }}") | +| xmlRequest.js:21:11:21:38 | json | semmle.label | json | +| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | semmle.label | JSON.pa ... 
p.body) | +| xmlRequest.js:21:29:21:32 | resp | semmle.label | resp | +| xmlRequest.js:22:24:22:27 | json | semmle.label | json | +| xmlRequest.js:22:24:22:35 | json.message | semmle.label | json.message | edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| 
addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... 
yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... 
arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | -| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | -| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... 
w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... 
/html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... 
/html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | 
window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... 
taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... 
aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... 
taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... 
taint) | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... 
aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... 
aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... 
/html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... 
/html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... 
ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... 
.search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... 
locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | 
jwt.js:5:9:5:34 | decoded | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... 
.search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... 
.foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| 
react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| 
react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | -| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | 
state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | 
react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... 
'' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... 
local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... 
on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 
| target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 
'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... 
search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... 
.search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... 
hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... 
.search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... 
data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... 
.search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... 
n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | -| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | -| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... 
.search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json | -| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json | -| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | xmlRequest.js:8:13:8:47 | json | -| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | xmlRequest.js:8:13:8:47 | json | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:20:11:20:48 | resp | xmlRequest.js:21:29:21:32 | resp | -| xmlRequest.js:20:11:20:48 | resp | xmlRequest.js:21:29:21:32 | resp | -| xmlRequest.js:20:18:20:48 | await g ... rl }}") | xmlRequest.js:20:11:20:48 | resp | -| xmlRequest.js:20:18:20:48 | await g ... rl }}") | xmlRequest.js:20:11:20:48 | resp | -| xmlRequest.js:20:24:20:48 | got.get ... 
rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | -| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | -| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | -| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | -| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:29:21:37 | resp.body | -| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:29:21:37 | resp.body | -| xmlRequest.js:21:29:21:37 | resp.body | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | -| xmlRequest.js:21:29:21:37 | resp.body | xmlRequest.js:21:18:21:38 | JSON.pa ... 
p.body) | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | +| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | | +| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | | +| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | | +| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:43:5:48 | data | provenance | | +| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | | +| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | | +| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | | +| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | provenance | | +| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | provenance | | +| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | provenance | | +| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | provenance | | +| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... 
w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... 
/html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... 
aint)}` | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... 
aint)}` | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... 
ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:5:13:5:19 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:6:11:6:17 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:4:5:4:11 | tainted | jquery.js:5:13:5:19 | tainted | provenance | | +| jquery.js:5:13:5:19 | tainted | jquery.js:6:11:6:17 | tainted | provenance | | +| jquery.js:6:11:6:17 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:7:20:7:26 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... 
#', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:36:25:36:31 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... 
locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | | +| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | | +| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | | +| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... 
.search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| 
sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... 
f.sup() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | | +| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | | +| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | | +| tainted-url-suffix-arguments.js:12:17:12:19 | url | tainted-url-suffix-arguments.js:3:17:3:17 | y | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:17:11:17:33 | provide [source] | tooltip.jsx:18:51:18:57 | provide [source] | provenance | | +| tooltip.jsx:17:21:17:33 | props.provide [source] | tooltip.jsx:17:11:17:33 | provide [source] | provenance | | +| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:17:21:17:33 | props.provide [source] | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | 
target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... 
search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... 
search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:199:67:199:73 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:200:67:200:73 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:236:35:236:41 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | provenance | | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:357:20:357:25 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:356:16:356:21 | target | tst.js:357:20:357:25 | target | provenance | | +| tst.js:357:20:357:25 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:357:20:357:25 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... 
'#')[1] | provenance | | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... 
.search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:508:7:508:39 | target | tst.js:509:18:509:23 | target | provenance | | +| tst.js:508:16:508:39 | documen ... .search | tst.js:508:7:508:39 | target | provenance | | +| tst.js:509:18:509:23 | target | tst.js:509:18:509:54 | target. ... "), '') | provenance | | +| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | 
tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') [ArrayElement] | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') [ArrayElement] | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value | | typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql index df9c43e3b5b..d052be89c36 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql @@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from PathNode source, PathNode sink +where + DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js new file mode 100644 index 00000000000..a1feef0267a --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js 
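Review bot: in XssWithAdditionalSources.ql the `where` clause now checks only `DomBasedXssFlow::flowPath(...)`, whereas the removed line ranged over every `DataFlow::Configuration cfg` in scope, so the test is now tied to the single DOM-based XSS flow module. If that narrowing is intended, say so in the query's header comment, and check that the `#select` rows in the matching .expected file are unchanged by it rather than only reformatted.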
@@ -0,0 +1,13 @@ +import 'dummy'; + +function foo(x, y, z) { + arguments; // ensure 'arguments' are used + document.writeln(x); // OK + document.writeln(y); // NOT OK + document.writeln(z); // OK +} + +function bar() { + const url = window.location.href; + foo('safe', url, 'safe'); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js index 9a110d0bb72..fea2063a4e3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js @@ -373,7 +373,7 @@ function test() { // NOT OK $('myId').html(target) - // OK + // OK - but only safe because contents are URI-encoded $('myid').html(document.location.href.split("?")[0]); } diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql index f70cc2b0a76..ec505e62e17 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ConsistencyExceptionXss.ql @@ -1,3 +1,3 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.ExceptionXssQuery as ExceptionXss diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected index 0ff9bcb932a..a862c47907c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected 
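Review bot: in the new tainted-url-suffix-arguments.js, the bare `arguments;` statement in `foo` is explained only as "ensure 'arguments' are used", which does not tell a later reader which analysis behaviour the test guards. Expand the comment to say why referencing `arguments` matters for the `x`/`y`/`z` expectations, and consider a second call that passes `url` in a different position so the OK / NOT OK split is shown to follow the argument index.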
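Review bot: in ConsistencyExceptionXss.ql, `deprecated import utils.test.ConsistencyChecking` marks the import as deprecated but records neither the reason nor what should replace it. Add a one-line comment naming the replacement or the follow-up that retires this test, so the annotation does not stay in place indefinitely.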
@@ -1,177 +1,167 @@ nodes -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:9:11:9:13 | foo | -| exception-xss.js:10:11:10:11 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | -| exception-xss.js:15:9:15:11 | foo | -| exception-xss.js:16:11:16:11 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:21:11:21:13 | foo | -| exception-xss.js:21:11:21:21 | foo + "bar" | -| exception-xss.js:22:11:22:11 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:33:11:33:22 | ["bar", foo] | -| exception-xss.js:33:19:33:21 | foo | -| exception-xss.js:34:11:34:11 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | -| exception-xss.js:46:8:46:18 | "bar" + foo | -| exception-xss.js:46:16:46:18 | foo | -| exception-xss.js:47:11:47:11 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | -| exception-xss.js:81:16:81:18 | foo | -| exception-xss.js:82:11:82:11 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:89:11:89:13 | foo | -| exception-xss.js:89:11:89:26 | foo.match(/foo/) | -| exception-xss.js:90:11:90:11 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:95:11:95:22 | [foo, "bar"] | -| exception-xss.js:95:12:95:14 | foo | -| 
exception-xss.js:96:11:96:11 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:102:12:102:14 | foo | -| exception-xss.js:106:11:106:11 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:118:11:118:11 | e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:129:11:129:11 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:26:136:30 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | -| exception-xss.js:146:12:146:35 | documen ... 
.search | -| exception-xss.js:148:33:148:35 | foo | -| exception-xss.js:148:55:148:55 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:153:8:153:10 | foo | -| exception-xss.js:154:11:154:11 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | -| exception-xss.js:174:31:174:33 | foo | -| exception-xss.js:174:53:174:53 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:26:180:30 | error | -| exception-xss.js:182:19:182:23 | error | -| exception-xss.js:182:19:182:23 | error | +| ajv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() | +| ajv.js:24:18:24:26 | val.error | semmle.label | val.error | +| exception-xss.js:2:6:2:28 | foo | semmle.label | foo | +| exception-xss.js:2:12:2:28 | document.location | semmle.label | document.location | +| exception-xss.js:4:17:4:17 | x | semmle.label | x | +| exception-xss.js:5:11:5:11 | x | semmle.label | x | +| exception-xss.js:9:11:9:13 | foo | semmle.label | foo | +| exception-xss.js:10:11:10:11 | e | semmle.label | e | +| exception-xss.js:11:18:11:18 | e | semmle.label | e | +| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | semmle.label | exceptional return of inner(foo) | +| exception-xss.js:15:9:15:11 | foo | semmle.label | foo | +| exception-xss.js:16:11:16:11 | e | semmle.label | e | +| exception-xss.js:17:18:17:18 | e | semmle.label | e | +| exception-xss.js:21:11:21:13 | foo | semmle.label | foo | +| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" | +| exception-xss.js:22:11:22:11 | e | semmle.label | e | +| exception-xss.js:23:18:23:18 | e | semmle.label | e | +| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | semmle.label | ["bar", 
foo] [1] | +| exception-xss.js:33:19:33:21 | foo | semmle.label | foo | +| exception-xss.js:34:11:34:11 | e | semmle.label | e | +| exception-xss.js:35:18:35:18 | e | semmle.label | e | +| exception-xss.js:38:16:38:16 | x | semmle.label | x | +| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | semmle.label | exceptional return of deep2(x) | +| exception-xss.js:39:9:39:9 | x | semmle.label | x | +| exception-xss.js:41:17:41:17 | x | semmle.label | x | +| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:42:9:42:9 | x | semmle.label | x | +| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | semmle.label | exceptional return of deep("bar" + foo) | +| exception-xss.js:46:8:46:18 | "bar" + foo | semmle.label | "bar" + foo | +| exception-xss.js:46:16:46:18 | foo | semmle.label | foo | +| exception-xss.js:47:11:47:11 | e | semmle.label | e | +| exception-xss.js:48:18:48:18 | e | semmle.label | e | +| exception-xss.js:74:28:74:28 | x | semmle.label | x | +| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:75:10:75:10 | x | semmle.label | x | +| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | semmle.label | exceptional return of myWeirdInner(foo) | +| exception-xss.js:81:16:81:18 | foo | semmle.label | foo | +| exception-xss.js:82:11:82:11 | e | semmle.label | e | +| exception-xss.js:83:18:83:18 | e | semmle.label | e | +| exception-xss.js:89:11:89:13 | foo | semmle.label | foo | +| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) | +| exception-xss.js:90:11:90:11 | e | semmle.label | e | +| exception-xss.js:91:18:91:18 | e | semmle.label | e | +| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | semmle.label | [foo, "bar"] [0] | +| exception-xss.js:95:12:95:14 | foo | semmle.label | foo | +| exception-xss.js:96:11:96:11 | 
e | semmle.label | e | +| exception-xss.js:97:18:97:18 | e | semmle.label | e | +| exception-xss.js:102:12:102:14 | foo | semmle.label | foo | +| exception-xss.js:106:11:106:11 | e | semmle.label | e | +| exception-xss.js:107:18:107:18 | e | semmle.label | e | +| exception-xss.js:117:11:117:23 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:118:11:118:11 | e | semmle.label | e | +| exception-xss.js:119:12:119:28 | "Exception: " + e | semmle.label | "Exception: " + e | +| exception-xss.js:119:28:119:28 | e | semmle.label | e | +| exception-xss.js:125:45:125:68 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:128:11:128:52 | session ... ssion') | semmle.label | session ... ssion') | +| exception-xss.js:129:11:129:11 | e | semmle.label | e | +| exception-xss.js:130:18:130:18 | e | semmle.label | e | +| exception-xss.js:136:10:136:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:136:26:136:30 | error | semmle.label | error | +| exception-xss.js:138:19:138:23 | error | semmle.label | error | +| exception-xss.js:146:6:146:35 | foo | semmle.label | foo | +| exception-xss.js:146:12:146:35 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] | +| exception-xss.js:148:33:148:35 | foo | semmle.label | foo | +| exception-xss.js:148:55:148:55 | e | semmle.label | e | +| exception-xss.js:149:18:149:18 | e | semmle.label | e | +| exception-xss.js:153:8:153:10 | foo | semmle.label | foo | +| exception-xss.js:154:11:154:11 | e | semmle.label | e | +| exception-xss.js:155:18:155:18 | e | semmle.label | e | +| exception-xss.js:170:17:170:23 | tainted | semmle.label | tainted | +| exception-xss.js:171:11:171:17 | tainted | semmle.label | tainted | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... 
solve)) [PromiseError] | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | semmle.label | exceptional return of inner(foo, resolve) | +| exception-xss.js:174:31:174:33 | foo | semmle.label | foo | +| exception-xss.js:174:53:174:53 | e | semmle.label | e | +| exception-xss.js:175:18:175:18 | e | semmle.label | e | +| exception-xss.js:180:10:180:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:180:26:180:30 | error | semmle.label | error | +| exception-xss.js:182:19:182:23 | error | semmle.label | error | edges -| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | -| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | -| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | -| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | -| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | -| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | -| 
exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | -| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | -| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | -| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | -| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | -| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | -| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | -| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | -| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | -| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | -| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | -| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | -| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | -| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | -| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | -| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | -| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | -| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | -| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | -| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | -| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | -| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | -| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | -| exception-xss.js:95:11:95:22 | [foo, "bar"] | 
exception-xss.js:96:11:96:11 | e | -| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | -| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | -| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | -| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | -| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | -| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | -| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | -| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:128:11:128:52 | session ... 
ssion') | exception-xss.js:129:11:129:11 | e | -| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | -| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | -| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | -| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e | -| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | -| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | -| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | -| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e | -| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | -| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | -| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | -| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:10:180:22 | req.params.id | 
exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | -| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | provenance | | +| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | provenance | | +| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | provenance | | +| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | provenance | Config | +| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | provenance | | +| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | provenance | | +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | provenance | Config | +| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | provenance | | +| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | provenance | | +| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | provenance | 
Config | +| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | provenance | | +| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | exception-xss.js:34:11:34:11 | e | provenance | Config | +| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] [1] | provenance | | +| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | provenance | | +| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | provenance | | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | provenance | Config | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | provenance | | +| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | provenance | | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | provenance | Config | +| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | provenance | | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | provenance | | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | provenance | Config | +| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | provenance | | +| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | provenance | | +| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | provenance | | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | provenance | Config | +| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | provenance | | +| exception-xss.js:81:16:81:18 | foo | 
exception-xss.js:74:28:74:28 | x | provenance | | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | provenance | Config | +| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | provenance | | +| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | provenance | | +| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | provenance | Config | +| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | provenance | | +| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | exception-xss.js:96:11:96:11 | e | provenance | Config | +| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | provenance | | +| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | provenance | | +| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | provenance | Config | +| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | provenance | | +| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | provenance | Config | +| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | provenance | | +| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | provenance | | +| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | provenance | | +| exception-xss.js:128:11:128:52 | session ... 
ssion') | exception-xss.js:129:11:129:11 | e | provenance | Config | +| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | provenance | | +| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | provenance | Config | +| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | provenance | | +| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | provenance | | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e | provenance | | +| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | provenance | Config | +| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | provenance | | +| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | provenance | Config | +| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | provenance | | +| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | provenance | | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e | provenance | | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... 
solve)) [PromiseError] | provenance | | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | provenance | | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | provenance | Config | +| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | provenance | | +| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | provenance | Config | +| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | provenance | | +subpaths +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | #select | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | 
ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error | | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:24:18:24:26 | val.error | JSON schema validation error | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql index f79f85c593d..9019d53e10e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ConsistencyReflectedXss.ql @@ -1,3 +1,3 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.ReflectedXssQuery as ReflectedXss diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index ddee07dbadc..682a0694ce4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected 
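Review bot: In ExceptionXss.expected the `nodes` and `edges` sections are rewritten wholesale (added `semmle.label` and `provenance` columns, a new `subpaths` section, new nodes such as `exception-xss.js:4:17:4:17 | x` inside the callee), while the `#select` rows appear only as unchanged context. The commit message should say that the alert set is unchanged and only the path-graph representation differs, so a later bisect does not read this churn as a behaviour change. It would also help to document what the `Config` value in the `provenance` column denotes, since the expected file gives no way to tell from the column alone.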
@@ -1,491 +1,348 @@ -nodes -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... 
q.body) | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:12:103:84 | markdow ... 
q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | -| ReflectedXss.js:116:11:116:45 | keys | -| ReflectedXss.js:116:18:116:26 | queryKeys | -| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | -| ReflectedXss.js:118:11:118:61 | keyArray | -| ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:118:49:118:54 | [keys] | -| ReflectedXss.js:118:50:118:53 | keys | -| ReflectedXss.js:118:58:118:61 | keys | -| ReflectedXss.js:119:11:119:72 | invalidKeys | -| ReflectedXss.js:119:25:119:32 | keyArray | -| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | -| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:33:122:43 | invalidKeys | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... 
rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | -| etherpad.js:9:5:9:53 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:11:12:11:19 | response | -| etherpad.js:11:12:11:19 | response | -| formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | -| live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | -| live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:13:12:50 | ` ... 
/html>` | -| live-server.js:12:28:12:34 | tainted | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | -| partial.js:10:14:10:14 | x | -| partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | -| partial.js:13:42:13:48 | req.url | -| partial.js:18:25:18:25 | x | -| partial.js:19:14:19:14 | x | -| partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | -| partial.js:22:51:22:57 | req.url | -| partial.js:27:25:27:25 | x | -| partial.js:28:14:28:14 | x | -| partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | -| partial.js:31:47:31:53 | req.url | -| partial.js:36:25:36:25 | x | -| partial.js:37:14:37:14 | x | -| partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | -| partial.js:40:43:40:49 | req.url | -| promises.js:5:3:5:59 | new Pro ... 
.data)) | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:6:11:6:11 | x | -| promises.js:6:25:6:25 | x | -| promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | -| tst2.js:6:7:6:30 | r | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:7:12:7:12 | p | -| tst2.js:7:12:7:12 | p | -| tst2.js:8:12:8:12 | r | -| tst2.js:8:12:8:12 | r | -| tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:30:7:30:24 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:33:11:33:11 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:16:49:53 | seriali ... 
true}) | -| tst2.js:49:36:49:36 | p | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:60:11:60:11 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:72:11:72:11 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:85:11:85:11 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:89:12:89:18 | other.p | -| tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:11:9:11:74 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:12:12:12:15 | code | -| tst3.js:12:12:12:15 | code | edges -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... 
rams.id | -| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... 
q.body) | -| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... 
q.body) | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... 
q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | -| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | -| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray | -| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] | -| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... 
: keys | -| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | -| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | -| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | -| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... 
rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response | -| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | -| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... 
, evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x 
+ y | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| 
tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | -| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:11:9:11:74 | code | 
tst3.js:12:12:12:15 | code | -| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | +| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | | +| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | | +| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | | +| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | | +| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | | +| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | provenance | | +| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | | +| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | | +| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | | +| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | | +| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... 
q.body) | provenance | | +| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | | +| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | | +| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | | +| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | | +| ReflectedXss.js:118:11:118:61 | keyArray [0] | ReflectedXss.js:119:25:119:32 | keyArray [0] | provenance | | +| ReflectedXss.js:118:49:118:54 | [keys] [0] | ReflectedXss.js:118:11:118:61 | keyArray [0] | provenance | | +| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] [0] | provenance | | +| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | | +| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | | +| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | ReflectedXss.js:122:33:122:43 | invalidKeys [0] | provenance | | +| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | | +| ReflectedXss.js:119:25:119:32 | keyArray [0] | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | provenance | | +| ReflectedXss.js:119:25:119:72 | keyArra ... 
s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | ReflectedXss.js:119:11:119:72 | invalidKeys [0] | provenance | | +| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | | +| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | | +| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | | +| ReflectedXssGood3.js:77:7:77:37 | parts [0] | ReflectedXssGood3.js:108:10:108:14 | parts [0] | provenance | | +| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | ReflectedXssGood3.js:77:7:77:37 | parts [0] | provenance | | +| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... 
g(0, i) | ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | provenance | | +| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | provenance | | +| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:108:10:108:14 | parts [0] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | | +| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | +| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | +| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | +| formatting.js:4:9:4:29 | evil 
| formatting.js:7:49:7:52 | evil | provenance | | +| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | provenance | | +| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | provenance | | +| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | provenance | | +| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | provenance | | +| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | provenance | | +| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | provenance | | +| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | provenance | | +| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | provenance | | +| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | provenance | | +| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | provenance | | +| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | provenance | | +| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | provenance | | +| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | provenance | | +| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | provenance | | +| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | provenance | | +| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | provenance | | +| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | provenance | | +| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | provenance | | +| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | provenance | | +| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | provenance | | +| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | provenance | | +| promises.js:5:3:5:59 | new Pro ... 
.data)) [PromiseValue] | promises.js:6:11:6:11 | x | provenance | | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | provenance | | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | | +| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | | +| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | | +| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | | +| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | | +| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | | +| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | provenance | | +| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | | +| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | | +| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | | +| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | | +| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | | +| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | | +| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | provenance | | +| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | provenance | | +| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | provenance | | +| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | provenance | | +| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | provenance | | +| tst2.js:49:16:49:53 | seriali ... 
true}) | tst2.js:49:7:49:53 | unsafe | provenance | | +| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | | +| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | | +| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | | +| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | | +| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | | +| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | | +| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | provenance | | +| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | | +| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | | +| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | | +| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | | +| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... 
e(obj)) [p] | provenance | | +| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | provenance | | +| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | | +| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | | +| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | | +| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | | +| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | | +| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | provenance | | +| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | provenance | | +| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | provenance | | +| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | provenance | | +| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | provenance | | +| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | | +| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | | +nodes +| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id | +| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id | +| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... 
rams.id | +| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id | +| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) | +| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body | +| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) | +| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:39:64:42 | file | semmle.label | file | +| ReflectedXss.js:65:16:65:19 | file | semmle.label | file | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) | +| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() | +| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) | +| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... 
oString | +| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:34:74:34 | f | semmle.label | f | +| ReflectedXss.js:75:14:75:14 | f | semmle.label | f | +| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) | +| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body | +| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) | +| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body | +| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body | +| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... 
q.body) | +| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body | +| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p | +| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys | +| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys | +| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys | +| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:118:11:118:61 | keyArray [0] | semmle.label | keyArray [0] | +| ReflectedXss.js:118:49:118:54 | [keys] [0] | semmle.label | [keys] [0] | +| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys | +| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys | +| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | semmle.label | invalidKeys [0] | +| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:119:25:119:32 | keyArray [0] | semmle.label | keyArray [0] | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | semmle.label | keyArra ... s(key)) [0] | +| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` | +| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | semmle.label | invalidKeys [0] | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') | +| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... 
rams.id | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value | +| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts | +| ReflectedXssGood3.js:77:7:77:37 | parts [0] | semmle.label | parts [0] | +| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | semmle.label | [value. ... (0, i)] [0] | +| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | semmle.label | [post update] parts [ArrayElement] | +| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... 
g(j, i) | +| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts | +| ReflectedXssGood3.js:108:10:108:14 | parts [0] | semmle.label | parts [0] | +| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | semmle.label | parts [ArrayElement] | +| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') | +| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | +| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| etherpad.js:9:5:9:53 | response | semmle.label | response | +| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | +| etherpad.js:11:12:11:19 | response | semmle.label | response | +| formatting.js:4:9:4:29 | evil | semmle.label | evil | +| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil | +| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) | +| formatting.js:6:43:6:46 | evil | semmle.label | evil | +| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) | +| formatting.js:7:49:7:52 | evil | semmle.label | evil | +| live-server.js:4:11:4:27 | tainted | semmle.label | tainted | +| live-server.js:4:21:4:27 | req.url | semmle.label | req.url | +| live-server.js:6:13:6:50 | ` ... /html>` | semmle.label | ` ... /html>` | +| live-server.js:6:28:6:34 | tainted | semmle.label | tainted | +| live-server.js:10:11:10:27 | tainted | semmle.label | tainted | +| live-server.js:10:21:10:27 | req.url | semmle.label | req.url | +| live-server.js:12:13:12:50 | ` ... /html>` | semmle.label | ` ... 
/html>` | +| live-server.js:12:28:12:34 | tainted | semmle.label | tainted | +| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url | +| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url | +| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url | +| partial.js:9:25:9:25 | x | semmle.label | x | +| partial.js:10:14:10:14 | x | semmle.label | x | +| partial.js:10:14:10:18 | x + y | semmle.label | x + y | +| partial.js:13:42:13:48 | req.url | semmle.label | req.url | +| partial.js:18:25:18:25 | x | semmle.label | x | +| partial.js:19:14:19:14 | x | semmle.label | x | +| partial.js:19:14:19:18 | x + y | semmle.label | x + y | +| partial.js:22:51:22:57 | req.url | semmle.label | req.url | +| partial.js:27:25:27:25 | x | semmle.label | x | +| partial.js:28:14:28:14 | x | semmle.label | x | +| partial.js:28:14:28:18 | x + y | semmle.label | x + y | +| partial.js:31:47:31:53 | req.url | semmle.label | req.url | +| partial.js:36:25:36:25 | x | semmle.label | x | +| partial.js:37:14:37:14 | x | semmle.label | x | +| partial.js:37:14:37:18 | x + y | semmle.label | x + y | +| partial.js:40:43:40:49 | req.url | semmle.label | req.url | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... 
.data)) [PromiseValue] | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | semmle.label | resolve [Return] [resolve-value] | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] | +| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | +| promises.js:6:11:6:11 | x | semmle.label | x | +| promises.js:6:25:6:25 | x | semmle.label | x | +| tst2.js:6:7:6:30 | p | semmle.label | p | +| tst2.js:6:7:6:30 | r | semmle.label | r | +| tst2.js:6:9:6:9 | p | semmle.label | p | +| tst2.js:6:12:6:15 | q: r | semmle.label | q: r | +| tst2.js:7:12:7:12 | p | semmle.label | p | +| tst2.js:8:12:8:12 | r | semmle.label | r | +| tst2.js:14:7:14:24 | p | semmle.label | p | +| tst2.js:14:9:14:9 | p | semmle.label | p | +| tst2.js:18:12:18:12 | p | semmle.label | p | +| tst2.js:21:14:21:14 | p | semmle.label | p | +| tst2.js:30:7:30:24 | p | semmle.label | p | +| tst2.js:30:9:30:9 | p | semmle.label | p | +| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:33:11:33:11 | p | semmle.label | p | +| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] | +| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] | +| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] | +| tst2.js:36:12:36:12 | p | semmle.label | p | +| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] | +| tst2.js:37:12:37:18 | other.p | semmle.label | other.p | +| tst2.js:43:7:43:24 | p | semmle.label | p | +| tst2.js:43:9:43:9 | p | semmle.label | p | +| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe | +| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... 
true}) | +| tst2.js:49:36:49:36 | p | semmle.label | p | +| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe | +| tst2.js:57:7:57:24 | p | semmle.label | p | +| tst2.js:57:9:57:9 | p | semmle.label | p | +| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:60:11:60:11 | p | semmle.label | p | +| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] | +| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] | +| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] | +| tst2.js:63:12:63:12 | p | semmle.label | p | +| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] | +| tst2.js:64:12:64:18 | other.p | semmle.label | other.p | +| tst2.js:69:7:69:24 | p | semmle.label | p | +| tst2.js:69:9:69:9 | p | semmle.label | p | +| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:72:11:72:11 | p | semmle.label | p | +| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... 
e(obj)) [p] | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] | +| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] | +| tst2.js:75:12:75:12 | p | semmle.label | p | +| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] | +| tst2.js:76:12:76:18 | other.p | semmle.label | other.p | +| tst2.js:82:7:82:24 | p | semmle.label | p | +| tst2.js:82:9:82:9 | p | semmle.label | p | +| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:85:11:85:11 | p | semmle.label | p | +| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] | +| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] | +| tst2.js:88:12:88:12 | p | semmle.label | p | +| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] | +| tst2.js:89:12:89:18 | other.p | semmle.label | other.p | +| tst3.js:5:7:5:24 | p | semmle.label | p | +| tst3.js:5:9:5:9 | p | semmle.label | p | +| tst3.js:6:12:6:12 | p | semmle.label | p | +| tst3.js:11:9:11:74 | code | semmle.label | code | +| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) | +| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body | +| tst3.js:12:12:12:15 | code | semmle.label | code | +subpaths +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | #select | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value | | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. 
| ReflectedXss.js:17:31:17:39 | params.id | user-provided value | | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value | | ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value | | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value | -| ReflectedXss.js:34:12:34:18 | mytable | ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value | | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value | | ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value | | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js index fc2e1abb888..c3b1cbc2da8 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js @@ -31,7 +31,7 @@ app.get('/user/:id', function(req, res) { ['Name', 'Content'], ['body', req.body] ]); - res.send(mytable); // NOT OK + res.send(mytable); // NOT OK - FIXME: only works in OLD dataflow, add implicit reads before library-contributed taint steps }); var showdown = require('showdown'); diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index a367f07307a..d29b35203b8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected 
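Review bot: In ReflectedXss.js at `res.send(mytable)`, the comment still marks the sink as NOT OK, yet the `ReflectedXss.js:34:12:34:18 | mytable` row is dropped from the #select section of ReflectedXss.expected and from ReflectedXssWithCustomSanitizer.expected, so the suite now passes while the flow from `req.body` at line 32 into the response goes unreported. A FIXME inside a test file is easy to lose: please reference a tracking issue in the comment and record the lost result in the change note, so that users of the query know this true positive is missing until implicit reads are added before library-contributed taint steps.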
@@ -3,7 +3,6 @@ | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value | | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value | | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value | -| ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value | | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value | | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value | | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql index 3fcf8c0377b..b9c4107a6ad 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql 
@@ -3,18 +3,17 @@ // import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery +private import semmle.javascript.security.dataflow.Xss::Shared as SharedXss -class IsVarNameSanitizer extends TaintTracking::AdditionalSanitizerGuardNode, DataFlow::CallNode { +class IsVarNameSanitizer extends SharedXss::BarrierGuard, DataFlow::CallNode { IsVarNameSanitizer() { this.getCalleeName() = "isVarName" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } - - override predicate appliesTo(TaintTracking::Configuration cfg) { cfg instanceof Configuration } } -from Configuration xss, Source source, Sink sink -where xss.hasFlow(source, sink) +from Source source, Sink sink +where ReflectedXssFlow::flow(source, sink) select sink, "Cross-site scripting vulnerability due to $@.", source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql index 9fe83ca3c4c..38bae3a6aea 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/ConsistencyStoredXss.ql @@ -1,3 +1,3 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.StoredXssQuery as StoredXss diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected index d6142c980b6..3e8fa512c85 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected 
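Review bot: In ReflectedXssWithCustomSanitizer.ql, `IsVarNameSanitizer` now extends `SharedXss::BarrierGuard`, and the removed `appliesTo` override, which limited the guard to the reflected XSS `Configuration`, has no replacement, so the guard's scope is no longer stated anywhere in the test. If guards from `Xss::Shared` are picked up by other XSS queries, as the module name suggests, add a comment saying that is intended, or extend a guard class specific to reflected XSS if the library offers one. `blocksExpr(boolean outcome, Expr e)` would also benefit from a one-line comment that `outcome = true` means the `isVarName(...)` check passed for argument 0.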
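Review bot: In ConsistencyStoredXss.ql, `deprecated import utils.test.ConsistencyChecking` keeps the test on a module that the annotation implies is deprecated, without saying why. Add a comment naming the replacement this test should move to, or convert the test in the same change, so the import is not left behind when the module is removed.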
@@ -1,55 +1,105 @@ -nodes -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-torrent.js:6:6:6:24 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:7:11:7:14 | name | edges -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 
| files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | +| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | 
xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | 
files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | provenance | | +| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | | +| 
xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | provenance | | +| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | provenance | | +nodes +| xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 | +| xss-through-filenames.js:17:21:17:26 | files2 | semmle.label | files2 | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:14 | files2 | semmle.label | files2 | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file | +| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 | +| 
xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | semmle.label | [post update] files3 [ArrayElement] | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | semmle.label | '
  • ' ... '
  • ' | +| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] | +| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:34:30:37 | file | semmle.label | file | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 | semmle.label | [post update] files2 | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | semmle.label | [post update] files2 [ArrayElement] | +| xss-through-filenames.js:31:25:31:28 | file | semmle.label | file | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:35:13:35:35 | files3 | semmle.label | files3 | +| xss-through-filenames.js:35:22:35:35 | format(files2) | semmle.label | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 | semmle.label | files2 | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:37:19:37:24 | files3 | semmle.label | files3 | +| xss-through-torrent.js:6:6:6:24 | name | semmle.label | name | +| 
xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name | +| xss-through-torrent.js:7:11:7:14 | name | semmle.label | name | +subpaths +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 
[ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | #select | xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value | | xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql index 5270467483c..e67885e96b9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/ConsistencyUnsafeHtmlConstruction.ql @@ -1,3 +1,3 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery as UnsafeHtmlConstruction diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected index b05425e65da..678b42231c9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected 
@@ -1,287 +1,111 @@ nodes -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:14:31:14:35 | stuff | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:13:9:13:41 | name | -| lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:41 | setting ... 
i].name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | -| main.js:1:55:1:55 | s | -| main.js:2:29:2:29 | s | -| main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | -| main.js:6:49:6:49 | s | -| main.js:7:49:7:49 | s | -| main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | -| main.js:11:60:11:60 | s | -| main.js:12:49:12:49 | s | -| main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | -| main.js:21:47:21:47 | s | -| main.js:22:34:22:34 | s | -| main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | -| main.js:42:21:42:21 | s | -| main.js:47:65:47:73 | this.step | -| main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | -| main.js:52:41:52:41 | s | -| main.js:53:20:53:20 | s | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... 
ptions) | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | -| main.js:66:35:66:41 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | -| main.js:79:34:79:36 | val | -| main.js:81:35:81:37 | val | -| main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | -| main.js:90:23:90:23 | x | -| main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | -| main.js:93:43:93:43 | x | -| main.js:94:31:94:31 | x | -| main.js:98:43:98:43 | x | -| main.js:98:43:98:43 | x | -| main.js:99:28:99:28 | x | -| main.js:99:28:99:28 | x | -| main.js:103:43:103:43 | x | -| main.js:103:43:103:43 | x | -| main.js:105:26:105:26 | x | -| main.js:105:26:105:26 | x | -| main.js:109:41:109:41 | x | -| main.js:109:41:109:41 | x | -| main.js:111:37:111:37 | x | -| main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | -| main.js:116:47:116:47 | s | -| main.js:117:34:117:34 | s | -| main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:12:12:12:12 | s | -| typed.ts:16:11:16:21 | s | -| typed.ts:16:15:16:21 | id("x") | -| typed.ts:17:29:17:29 | s | -| typed.ts:17:29:17:29 | s | +| jquery-plugin.js:11:27:11:31 | stuff | semmle.label | stuff | +| jquery-plugin.js:11:34:11:40 | options | semmle.label | options | +| 
jquery-plugin.js:12:31:12:37 | options | semmle.label | options | +| jquery-plugin.js:12:31:12:41 | options.foo | semmle.label | options.foo | +| jquery-plugin.js:14:31:14:35 | stuff | semmle.label | stuff | +| lib2/index.ts:1:28:1:28 | s | semmle.label | s | +| lib2/index.ts:2:27:2:27 | s | semmle.label | s | +| lib2/index.ts:6:29:6:36 | settings | semmle.label | settings | +| lib2/index.ts:7:58:7:65 | settings | semmle.label | settings | +| lib2/index.ts:13:9:13:41 | name | semmle.label | name | +| lib2/index.ts:13:16:13:23 | settings | semmle.label | settings | +| lib2/index.ts:13:16:13:33 | settings.mySetting | semmle.label | settings.mySetting | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | semmle.label | setting ... ting[i] | +| lib2/index.ts:13:16:13:41 | setting ... i].name | semmle.label | setting ... i].name | +| lib2/index.ts:18:62:18:65 | name | semmle.label | name | +| lib2/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib2/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| lib/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| main.js:1:55:1:55 | s | semmle.label | s | +| main.js:2:29:2:29 | s | semmle.label | s | +| main.js:6:49:6:49 | s | semmle.label | s | +| main.js:7:49:7:49 | s | semmle.label | s | +| main.js:11:60:11:60 | s | semmle.label | s | +| main.js:12:49:12:49 | s | semmle.label | s | +| main.js:21:47:21:47 | s | semmle.label | s | +| main.js:22:34:22:34 | s | semmle.label | s | +| main.js:56:28:56:34 | options | semmle.label | options | +| main.js:57:11:59:5 | defaults | semmle.label | defaults | +| main.js:57:11:59:5 | defaults | semmle.label | defaults | +| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } | +| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } | +| main.js:60:11:60:48 | settings | semmle.label | settings | +| main.js:60:22:60:48 | $.exten ... ptions) | semmle.label | $.exten ... 
ptions) | +| main.js:60:31:60:38 | defaults | semmle.label | defaults | +| main.js:60:31:60:38 | defaults | semmle.label | defaults | +| main.js:60:41:60:47 | options | semmle.label | options | +| main.js:62:19:62:26 | settings | semmle.label | settings | +| main.js:62:19:62:31 | settings.name | semmle.label | settings.name | +| main.js:66:35:66:41 | attrVal | semmle.label | attrVal | +| main.js:67:63:67:69 | attrVal | semmle.label | attrVal | +| main.js:79:34:79:36 | val | semmle.label | val | +| main.js:81:35:81:37 | val | semmle.label | val | +| main.js:89:21:89:21 | x | semmle.label | x | +| main.js:90:23:90:23 | x | semmle.label | x | +| main.js:93:43:93:43 | x | semmle.label | x | +| main.js:94:31:94:31 | x | semmle.label | x | +| main.js:98:43:98:43 | x | semmle.label | x | +| main.js:99:28:99:28 | x | semmle.label | x | +| main.js:103:43:103:43 | x | semmle.label | x | +| main.js:105:26:105:26 | x | semmle.label | x | +| main.js:109:41:109:41 | x | semmle.label | x | +| main.js:111:37:111:37 | x | semmle.label | x | +| main.js:116:47:116:47 | s | semmle.label | s | +| main.js:117:34:117:34 | s | semmle.label | s | +| typed.ts:1:39:1:39 | s | semmle.label | s | +| typed.ts:2:29:2:29 | s | semmle.label | s | +| typed.ts:6:43:6:43 | s | semmle.label | s | +| typed.ts:8:40:8:40 | s | semmle.label | s | edges -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | 
-| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | -| lib2/index.ts:13:16:13:41 | setting ... 
i].name | lib2/index.ts:13:9:13:41 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | main.js:42:21:42:21 | s | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:53:20:53:20 | s | main.js:41:17:41:17 | s | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | 
main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... 
ptions) | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | -| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | 
main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:12:12:12:12 | s | typed.ts:16:15:16:21 | id("x") | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:15:16:21 | id("x") | typed.ts:16:11:16:21 | s | +| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | provenance | | +| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | provenance | | +| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | provenance | Config | +| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | provenance | | +| lib2/index.ts:13:9:13:41 | name | 
lib2/index.ts:18:62:18:65 | name | provenance | | +| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | provenance | Config | +| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | provenance | Config | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | provenance | Config | +| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | provenance | | +| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | provenance | | +| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | provenance | | +| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | provenance | | +| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | provenance | | +| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | provenance | | +| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | provenance | | +| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | provenance | | +| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | | +| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | | +| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | | +| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | | +| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | provenance | | +| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... 
"\\n } | provenance | | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | Config | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config | +| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | provenance | Config | +| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | provenance | | +| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | provenance | | +| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | provenance | | +| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | provenance | | +| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | provenance | | +| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | provenance | | +| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | provenance | | +| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | provenance | | +subpaths #select | jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | " ... /span>" | cross-site scripting | | jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | This HTML construction which depends on $@ might later allow $@. 
| jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | " ... /span>" | cross-site scripting | @@ -295,7 +119,6 @@ edges | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting | | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting | | main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting | -| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | This HTML construction which depends on $@ might later allow $@. | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | " ... /span>" | cross-site scripting | | main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | This HTML construction which depends on $@ might later allow $@. | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "" + ... "" | cross-site scripting | | main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | This HTML construction which depends on $@ might later allow $@. | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "" | cross-site scripting | | main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | This HTML construction which depends on $@ might later allow $@. | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | " ... /span>" | cross-site scripting | 
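Review bot: the removed `#select` row for `main.js:47:65:47:73 | this.step` (source `main.js:52:41:52:41 | s`) means UnsafeHtmlConstruction no longer reports this result, and the nodes and edges that carried it (`main.js:41:17`, `main.js:42:21`, `main.js:53:20`, `main.js:47:65:47:73 | this.step`) are also gone from the first hunk of this file. Please say in the PR description or a change note whether losing this alert is an accepted consequence of the migration or a regression to be fixed. If it is accepted, annotate the corresponding line in main.js as a known missed result so the test documents the gap rather than silently dropping it. The same question applies to the `typed.ts:11:20` through `typed.ts:17:29` nodes and edges (the `id("x")` path), which also disappear from the first hunk.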
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql index 9fcb2487741..d7e452b2a8c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/ConsistencyUnsafeJQueryPlugin.ql @@ -1,3 +1,3 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery as UnsafeJqueryPlugin diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected index 23a7d82ca14..f246b00d787 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected 
@@ -1,261 +1,164 @@ -nodes -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... 
ptions) | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... 
in'\\n\\t\\t} | -| unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | -| unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... 
elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | edges -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | 
unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | -| 
unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... 
ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | 
unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... 
in'\\n\\t\\t} | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:127:6:127:12 | options | 
unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... 
elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | 
unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 
| options.target | provenance | | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | provenance | | +| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | provenance | | +| unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | unsafe-jquery-plugin.js:68:7:68:10 | this [options] | provenance | | +| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | provenance | | +| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... 
ptions) | provenance | | +| unsafe-jquery-plugin.js:68:7:68:10 | this [options] | unsafe-jquery-plugin.js:68:7:68:18 | this.options | provenance | | +| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | provenance | | +| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | provenance | Config | +| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | provenance | | +| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | provenance | | +| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | provenance | | +| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o | provenance | | +| unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | unsafe-jquery-plugin.js:87:12:87:15 | this [o] | provenance | | +| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | provenance | | +| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | provenance | | +| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | provenance | | +| unsafe-jquery-plugin.js:87:12:87:15 | this [o] | unsafe-jquery-plugin.js:87:12:87:17 | this.o | provenance | | +| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:8:87:24 | t | provenance | | +| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o | provenance | | +| unsafe-jquery-plugin.js:101:38:101:44 | options | 
unsafe-jquery-plugin.js:105:6:105:12 | options | provenance | | +| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | provenance | | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | provenance | | +| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | provenance | | +| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | provenance | | +| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | provenance | | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | provenance | | +| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... 
ptions) | provenance | | +| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | provenance | | +| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | provenance | | +| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | provenance | | +| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | provenance | | +| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | provenance | | +| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... 
elector | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | provenance | | +| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | provenance | | +| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | provenance | | +| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | provenance | | +| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | provenance | | +| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | provenance | | +| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | provenance 
| | +| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | provenance | | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | provenance | Config | +nodes +| unsafe-jquery-plugin.js:2:38:2:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:3:5:3:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:7:17:7:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:11:7:11:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:11:16:11:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:22:6:22:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:30:6:30:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:36:6:36:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:40:6:40:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:48:6:48:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:52:6:52:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:60:6:60:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:65:47:65:53 | options | semmle.label | options | +| unsafe-jquery-plugin.js:67:3:67:6 | [post update] this [options] | semmle.label | [post update] this [options] | +| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | semmle.label | $.exten ... 
ptions) | +| unsafe-jquery-plugin.js:67:37:67:43 | options | semmle.label | options | +| unsafe-jquery-plugin.js:68:7:68:10 | this [options] | semmle.label | this [options] | +| unsafe-jquery-plugin.js:68:7:68:18 | this.options | semmle.label | this.options | +| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | semmle.label | this.options.parent | +| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | semmle.label | this.options.parent | +| unsafe-jquery-plugin.js:71:38:71:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| unsafe-jquery-plugin.js:76:38:76:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| unsafe-jquery-plugin.js:84:38:84:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:85:14:85:14 | o | semmle.label | o | +| unsafe-jquery-plugin.js:86:4:86:7 | [post update] this [o] | semmle.label | [post update] this [o] | +| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | semmle.label | $.extend({}, o) | +| unsafe-jquery-plugin.js:86:26:86:26 | o | semmle.label | o | +| unsafe-jquery-plugin.js:87:8:87:24 | t | semmle.label | t | +| unsafe-jquery-plugin.js:87:12:87:15 | this [o] | semmle.label | this [o] | +| unsafe-jquery-plugin.js:87:12:87:17 | this.o | semmle.label | this.o | +| unsafe-jquery-plugin.js:90:6:90:6 | t | semmle.label | t | +| unsafe-jquery-plugin.js:92:5:92:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:101:38:101:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:3:105:13 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | semmle.label | $.exten ... 
ptions) | +| unsafe-jquery-plugin.js:105:6:105:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:114:38:114:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:3:115:58 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| unsafe-jquery-plugin.js:115:51:115:57 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:121:40:121:46 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:126:33:126:39 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:19 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:131:34:131:40 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:135:36:135:42 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | semmle.label | options ... 
elector | +| unsafe-jquery-plugin.js:153:38:153:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:156:3:156:9 | options | semmle.label | options | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:50 | options | semmle.label | options | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | semmle.label | options.target.a | +| unsafe-jquery-plugin.js:160:38:160:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:165:7:165:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:165:16:165:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:170:6:170:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:178:27:178:33 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:185:28:185:34 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:27 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | semmle.label | options.of | +| unsafe-jquery-plugin.js:192:19:192:28 | options.of | semmle.label | options.of | +subpaths #select | unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... 
\\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql index c2d1847ae9f..547763a8f83 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql @@ -1,3 +1,14 @@ import javascript -import utils.test.ConsistencyChecking -import semmle.javascript.security.dataflow.XssThroughDomQuery as ThroughDomXss +deprecated import utils.test.ConsistencyChecking +import semmle.javascript.security.dataflow.XssThroughDomQuery + +deprecated class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { + exists(DataFlow::Node source | + XssThroughDomFlow::flow(source, result) and + not isIgnoredSourceSinkPair(source, result) + ) + } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected index 83147705499..5880071e4e0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected 
@@ -1,277 +1,128 @@ -nodes -| forms.js:8:23:8:28 | values | -| forms.js:8:23:8:28 | values | -| forms.js:9:31:9:36 | values | -| forms.js:9:31:9:40 | values.foo | -| forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | -| forms.js:11:24:11:29 | values | -| forms.js:12:31:12:36 | values | -| forms.js:12:31:12:40 | values.bar | -| forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | -| forms.js:24:15:24:20 | values | -| forms.js:25:23:25:28 | values | -| forms.js:25:23:25:34 | values.email | -| forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | -| forms.js:28:20:28:25 | values | -| forms.js:29:23:29:28 | values | -| forms.js:29:23:29:34 | values.email | -| forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | -| forms.js:34:13:34:18 | values | -| forms.js:35:19:35:24 | values | -| forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | -| forms.js:44:21:44:26 | values | -| forms.js:45:21:45:26 | values | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:71:21:71:24 | data | -| forms.js:71:21:71:24 | data | -| forms.js:72:19:72:22 | data | -| forms.js:72:19:72:27 | data.name | -| forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | -| forms.js:92:26:92:36 | getValues() | -| forms.js:93:25:93:30 | values | -| forms.js:93:25:93:35 | values.name | -| forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| 
xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... 
value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... 
].value | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | -| xss-through-dom.js:139:17:139:52 | documen ... 
k").src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | edges -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 
| values | forms.js:45:21:45:26 | values | -| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... 
arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... 
l(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 
0].name | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... 
tring() | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | +| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | provenance | | +| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | provenance | | +| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | provenance | | +| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | provenance | | +| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | provenance | | +| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | provenance | | +| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | provenance | | +| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | provenance | | +| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | provenance | | +| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | provenance | | +| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | 
provenance | | +| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | provenance | | +| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | provenance | | +| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | provenance | | +| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | provenance | | +| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | provenance | | +| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | provenance | | +| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | provenance | | +| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | provenance | | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | provenance | | +| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | provenance | | +| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | provenance | | +| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | provenance | | +| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | provenance | | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | provenance | | +| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 
0].name | provenance | | +| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | provenance | | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | provenance | Config | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | provenance | | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | provenance | | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | provenance | | +| xss-through-dom.js:139:17:139:52 | documen ... 
k").src | xss-through-dom.js:139:11:139:52 | src | provenance | | +| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | provenance | | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | provenance | | +nodes +| forms.js:8:23:8:28 | values | semmle.label | values | +| forms.js:9:31:9:36 | values | semmle.label | values | +| forms.js:9:31:9:40 | values.foo | semmle.label | values.foo | +| forms.js:11:24:11:29 | values | semmle.label | values | +| forms.js:12:31:12:36 | values | semmle.label | values | +| forms.js:12:31:12:40 | values.bar | semmle.label | values.bar | +| forms.js:24:15:24:20 | values | semmle.label | values | +| forms.js:25:23:25:28 | values | semmle.label | values | +| forms.js:25:23:25:34 | values.email | semmle.label | values.email | +| forms.js:28:20:28:25 | values | semmle.label | values | +| forms.js:29:23:29:28 | values | semmle.label | values | +| forms.js:29:23:29:34 | values.email | semmle.label | values.email | +| forms.js:34:11:34:53 | values | semmle.label | values | +| forms.js:34:13:34:18 | values | semmle.label | values | +| forms.js:35:19:35:24 | values | semmle.label | values | +| forms.js:35:19:35:30 | values.email | semmle.label | values.email | +| forms.js:44:21:44:26 | values | semmle.label | values | +| forms.js:45:21:45:26 | values | semmle.label | values | +| forms.js:45:21:45:33 | values.stooge | semmle.label | values.stooge | +| forms.js:57:19:57:32 | e.target.value | semmle.label | e.target.value | +| forms.js:71:21:71:24 | data | semmle.label | data | +| forms.js:72:19:72:22 | data | semmle.label | data | +| forms.js:72:19:72:27 | data.name | semmle.label | data.name | +| forms.js:92:17:92:36 | values | semmle.label | values | +| forms.js:92:26:92:36 | getValues() | semmle.label | getValues() | +| forms.js:93:25:93:30 | values | semmle.label | values | +| forms.js:93:25:93:35 | values.name | semmle.label | values.name | +| 
forms.js:103:23:103:36 | e.target.value | semmle.label | e.target.value | +| forms.js:107:23:107:36 | e.target.value | semmle.label | e.target.value | +| xss-through-dom.js:2:16:2:34 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | semmle.label | $(".som ... .text() | +| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | semmle.label | $(".som ... arget") | +| xss-through-dom.js:11:3:11:42 | documen ... nerText | semmle.label | documen ... nerText | +| xss-through-dom.js:19:3:19:44 | documen ... Content | semmle.label | documen ... Content | +| xss-through-dom.js:23:3:23:48 | documen ... ].value | semmle.label | documen ... ].value | +| xss-through-dom.js:27:3:27:61 | documen ... arget') | semmle.label | documen ... arget') | +| xss-through-dom.js:51:30:51:48 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:54:31:54:49 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | semmle.label | $("inpu ... "name") | +| xss-through-dom.js:61:30:61:69 | $(docum ... value") | semmle.label | $(docum ... value") | +| xss-through-dom.js:64:30:64:40 | valMethod() | semmle.label | valMethod() | +| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:73:9:73:41 | selector | semmle.label | selector | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:77:4:77:11 | selector | semmle.label | selector | +| xss-through-dom.js:79:4:79:34 | documen ... t.value | semmle.label | documen ... t.value | +| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | semmle.label | $('#foo ... 
rText') | +| xss-through-dom.js:84:8:84:30 | text | semmle.label | text | +| xss-through-dom.js:84:15:84:30 | $("text").text() | semmle.label | $("text").text() | +| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | semmle.label | anser.a ... l(text) | +| xss-through-dom.js:86:33:86:36 | text | semmle.label | text | +| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | semmle.label | new ans ... s(text) | +| xss-through-dom.js:87:36:87:39 | text | semmle.label | text | +| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:109:31:109:70 | "" | semmle.label | "" | +| xss-through-dom.js:109:45:109:55 | this.el.src | semmle.label | this.el.src | +| xss-through-dom.js:114:11:114:52 | src | semmle.label | src | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:115:16:115:18 | src | semmle.label | src | +| xss-through-dom.js:117:26:117:28 | src | semmle.label | src | +| xss-through-dom.js:120:23:120:37 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | semmle.label | ev.targ ... 0].name | +| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | semmle.label | URL.cre ... les[0]) | +| xss-through-dom.js:122:53:122:67 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | semmle.label | ev.target.files[0] | +| xss-through-dom.js:130:6:130:68 | linkText | semmle.label | linkText | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | semmle.label | wSelect ... tring() | +| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | semmle.label | dSelect ... 
tring() | +| xss-through-dom.js:131:19:131:26 | linkText | semmle.label | linkText | +| xss-through-dom.js:132:16:132:23 | linkText | semmle.label | linkText | +| xss-through-dom.js:139:11:139:52 | src | semmle.label | src | +| xss-through-dom.js:139:17:139:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:140:19:140:21 | src | semmle.label | src | +| xss-through-dom.js:141:25:141:27 | src | semmle.label | src | +| xss-through-dom.js:150:24:150:26 | src | semmle.label | src | +| xss-through-dom.js:154:25:154:27 | msg | semmle.label | msg | +| xss-through-dom.js:155:27:155:29 | msg | semmle.label | msg | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | semmle.label | $("textarea").val() | +subpaths #select | forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text | | forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/local-threat-source/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/local-threat-source/SqlInjection.expected index 05749a54c5b..3a4a7ef0481 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/local-threat-source/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/local-threat-source/SqlInjection.expected 
@@ -1,17 +1,12 @@ nodes -| test.js:4:5:4:29 | temp | -| test.js:4:12:4:22 | process.env | -| test.js:4:12:4:22 | process.env | -| test.js:4:12:4:29 | process.env['foo'] | -| test.js:7:14:7:61 | 'SELECT ... + temp | -| test.js:7:14:7:61 | 'SELECT ... + temp | -| test.js:7:58:7:61 | temp | +| test.js:4:5:4:29 | temp | semmle.label | temp | +| test.js:4:12:4:22 | process.env | semmle.label | process.env | +| test.js:7:14:7:61 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp | +| test.js:7:58:7:61 | temp | semmle.label | temp | edges -| test.js:4:5:4:29 | temp | test.js:7:58:7:61 | temp | -| test.js:4:12:4:22 | process.env | test.js:4:12:4:29 | process.env['foo'] | -| test.js:4:12:4:22 | process.env | test.js:4:12:4:29 | process.env['foo'] | -| test.js:4:12:4:29 | process.env['foo'] | test.js:4:5:4:29 | temp | -| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp | -| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp | +| test.js:4:5:4:29 | temp | test.js:7:58:7:61 | temp | provenance | | +| test.js:4:12:4:22 | process.env | test.js:4:5:4:29 | temp | provenance | | +| test.js:7:58:7:61 | temp | test.js:7:14:7:61 | 'SELECT ... + temp | provenance | | +subpaths #select | test.js:7:14:7:61 | 'SELECT ... + temp | test.js:4:12:4:22 | process.env | test.js:7:14:7:61 | 'SELECT ... + temp | This query string depends on a $@. | test.js:4:12:4:22 | process.env | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected index acf7e712ee2..5446a4da85a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected 
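Review bot: In CWE-089/local-threat-source/SqlInjection.expected the node at test.js:4:12:4:29 (process.env['foo']) is removed from both the nodes and edges sections, so the recorded path now steps directly from process.env (4:12:4:22) to temp (4:5:4:29). The #select row is unchanged, so the alert is still reported, but the path explanation loses the property-read step. Please say in the PR description whether dropping this intermediate node is an expected effect of the new path graph or a step that should still be shown.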
@@ -1,41 +1,32 @@ nodes -| typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | -| typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | +| typedClient.ts:13:7:13:32 | v | semmle.label | v | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:13:22:13:29 | req.body | semmle.label | req.body | +| typedClient.ts:13:22:13:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:14:24:14:32 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:14:30:14:30 | v | semmle.label | v | +| typedClient.ts:21:7:21:32 | v | semmle.label | v | +| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:21:22:21:29 | req.body | semmle.label | req.body | +| typedClient.ts:21:22:21:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:22:27:22:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:22:33:22:33 | v | semmle.label | v | +| typedClient.ts:23:27:23:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:23:33:23:33 | v | semmle.label | v | edges -| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... 
body.x) | typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | +| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | provenance | | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | provenance | | +| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | provenance | Config | +| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | provenance | Config | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | provenance | | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | provenance | | +| typedClient.ts:21:11:21:32 | JSON.pa ... 
body.x) | typedClient.ts:21:7:21:32 | v | provenance | | +| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | provenance | Config | +| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | provenance | Config | +| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | provenance | Config | +subpaths #select | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | | typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql index c34ac544920..9c721994d67 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/Consistency.ql @@ -1,4 +1,4 @@ import javascript -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected index c241751da3e..3664d7db828 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected 
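Review bot: In CWE-089/untyped/Consistency.ql the only change is marking the import of utils.test.ConsistencyChecking as deprecated, which keeps this test on that library while the SqlInjectionQuery and NosqlInjectionQuery imports below it stay as they are. Add a short comment next to the import, or a linked follow-up, naming what the consistency check should move to, so the deprecated import is not left in place indefinitely without explanation.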
@@ -1,938 +1,637 @@ nodes -| graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:12:46:12:47 | id | -| graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:37:27:38 | id | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | -| graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | -| graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | -| graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | -| graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:84:14:90:8 | `{\\n ... 
}` | -| graphql.js:88:13:88:14 | id | -| graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:45:120:46 | id | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | -| json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| ldap.js:20:7:20:34 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:22:7:22:33 | username | -| ldap.js:22:18:22:18 | q | -| ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:33 | q.query.username | -| ldap.js:25:13:25:57 | `(\|(nam ... 
ame}))` | -| ldap.js:25:24:25:31 | username | -| ldap.js:25:46:25:53 | username | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:26:32:33 | username | -| ldap.js:32:48:32:55 | username | -| ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:16:64:23 | username | -| ldap.js:64:38:64:45 | username | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | -| marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | -| marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:16:12:16:16 | query | -| marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | -| minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:18:12:18:16 | query | -| minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | -| mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | -| mongodb.js:26:19:26:26 | 
req.body | -| mongodb.js:26:19:26:26 | req.body | -| mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:32:38:32:42 | title | -| mongodb.js:48:11:48:20 | query | -| mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | -| mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | -| mongodb.js:106:9:106:18 | query | -| mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:112:14:112:18 | query | -| mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | -| mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | -| mongoose.js:27:17:27:21 | query | -| 
mongoose.js:27:17:27:21 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:92:46:92:50 | query | -| 
mongoose.js:92:46:92:50 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:23:130:24 | id | -| mongoose.js:136:30:136:34 | query | -| mongoose.js:136:30:136:34 | query | -| mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa 
... y.data) | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:32 | req.body.id | -| mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:62:15:65 | temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | -| pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise.js:6:7:7:55 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... 
PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:38:13:42:5 | [\\n ... 
n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:64:16:64:20 | query | -| pg-promise.js:64:16:64:20 | query | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:26 | req.body.key | -| redis.js:18:16:18:18 | key | -| redis.js:18:16:18:18 | key | -| redis.js:19:43:19:45 | key | -| redis.js:19:43:19:45 | key | -| redis.js:25:14:25:16 | key | -| redis.js:25:14:25:16 | key | -| redis.js:30:23:30:25 | key | -| redis.js:30:23:30:25 | key | -| redis.js:32:28:32:30 | key | -| redis.js:32:28:32:30 | key | -| redis.js:38:11:38:28 | key | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:28 | req.body.key | -| redis.js:39:16:39:18 | key | -| redis.js:39:16:39:18 | key | -| redis.js:43:27:43:29 | key | -| redis.js:43:27:43:29 | key | -| redis.js:46:34:46:36 | key | -| 
redis.js:46:34:46:36 | key | -| socketio.js:10:25:10:30 | handle | -| socketio.js:10:25:10:30 | handle | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:46:11:51 | handle | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | -| tst2.js:9:66:9:78 | req.params.id | -| tst3.js:7:7:8:55 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:9:14:9:19 | query1 | -| tst3.js:9:14:9:19 | query1 | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | -| tst.js:10:46:10:58 | req.params.id | +| graphql.js:8:11:8:28 | id | semmle.label | id | +| graphql.js:8:16:8:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:10:34:20:5 | `\\n ... }\\n ` | semmle.label | `\\n ... 
}\\n ` | +| graphql.js:12:46:12:47 | id | semmle.label | id | +| graphql.js:26:11:26:28 | id | semmle.label | id | +| graphql.js:26:16:26:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:27:30:27:40 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:27:37:27:38 | id | semmle.label | id | +| graphql.js:30:32:30:42 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:30:39:30:40 | id | semmle.label | id | +| graphql.js:33:18:33:28 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:33:25:33:26 | id | semmle.label | id | +| graphql.js:39:11:39:28 | id | semmle.label | id | +| graphql.js:39:16:39:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:44:14:44:24 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:44:21:44:22 | id | semmle.label | id | +| graphql.js:48:44:48:54 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:48:51:48:52 | id | semmle.label | id | +| graphql.js:55:11:55:28 | id | semmle.label | id | +| graphql.js:55:16:55:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:56:39:56:49 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:56:46:56:47 | id | semmle.label | id | +| graphql.js:58:66:58:76 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:58:73:58:74 | id | semmle.label | id | +| graphql.js:74:9:74:25 | id | semmle.label | id | +| graphql.js:74:14:74:25 | req.query.id | semmle.label | req.query.id | +| graphql.js:75:46:75:64 | "{ foo" + id + " }" | semmle.label | "{ foo" + id + " }" | +| graphql.js:75:56:75:57 | id | semmle.label | id | +| graphql.js:84:14:90:8 | `{\\n ... }` | semmle.label | `{\\n ... 
}` | +| graphql.js:88:13:88:14 | id | semmle.label | id | +| graphql.js:119:11:119:28 | id | semmle.label | id | +| graphql.js:119:16:119:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:120:38:120:48 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:120:45:120:46 | id | semmle.label | id | +| html-sanitizer.js:13:39:13:44 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:5:14:24 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:14:14:24 | xss(param1) | semmle.label | xss(param1) | +| html-sanitizer.js:14:18:14:23 | param1 | semmle.label | param1 | +| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | semmle.label | `SELECT ... param1 | +| html-sanitizer.js:16:54:16:59 | param1 | semmle.label | param1 | +| json-schema-validator.js:25:15:25:48 | query | semmle.label | query | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| json-schema-validator.js:25:34:25:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:33:22:33:26 | query | semmle.label | query | +| json-schema-validator.js:35:18:35:22 | query | semmle.label | query | +| json-schema-validator.js:50:15:50:48 | query | semmle.label | query | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... 
y.data) | +| json-schema-validator.js:50:34:50:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:55:22:55:26 | query | semmle.label | query | +| json-schema-validator.js:59:22:59:26 | query | semmle.label | query | +| json-schema-validator.js:61:22:61:26 | query | semmle.label | query | +| koarouter.js:5:11:5:33 | version | semmle.label | version | +| koarouter.js:5:13:5:19 | version | semmle.label | version | +| koarouter.js:14:9:14:18 | [post update] conditions | semmle.label | [post update] conditions | +| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | semmle.label | [post update] conditions [ArrayElement] | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | semmle.label | `versio ... rsion}` | +| koarouter.js:14:38:14:44 | version | semmle.label | version | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | semmle.label | `SELECT ... nd ')}` | +| koarouter.js:17:52:17:61 | conditions | semmle.label | conditions | +| koarouter.js:17:52:17:61 | conditions [ArrayElement] | semmle.label | conditions [ArrayElement] | +| koarouter.js:17:52:17:75 | conditi ... and ') | semmle.label | conditi ... and ') | +| ldap.js:20:7:20:34 | q | semmle.label | q | +| ldap.js:20:11:20:34 | url.par ... , true) | semmle.label | url.par ... , true) | +| ldap.js:20:21:20:27 | req.url | semmle.label | req.url | +| ldap.js:22:7:22:33 | username | semmle.label | username | +| ldap.js:22:18:22:18 | q | semmle.label | q | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:25:24:25:31 | username | semmle.label | username | +| ldap.js:25:46:25:53 | username | semmle.label | username | +| ldap.js:28:30:28:34 | opts1 | semmle.label | opts1 | +| ldap.js:32:5:32:61 | { filte ... e}))` } | semmle.label | { filte ... e}))` } | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... 
ame}))` | +| ldap.js:32:26:32:33 | username | semmle.label | username | +| ldap.js:32:48:32:55 | username | semmle.label | username | +| ldap.js:63:9:65:3 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | semmle.label | ldap.pa ... ))`\\n ) | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:64:16:64:23 | username | semmle.label | username | +| ldap.js:64:38:64:45 | username | semmle.label | username | +| ldap.js:66:30:66:53 | { filte ... ilter } | semmle.label | { filte ... ilter } | +| ldap.js:66:40:66:51 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:68:27:68:42 | `cn=${username}` | semmle.label | `cn=${username}` | +| ldap.js:68:33:68:40 | username | semmle.label | username | +| marsdb-flow-to.js:10:9:10:18 | query | semmle.label | query | +| marsdb-flow-to.js:10:17:10:18 | {} | semmle.label | {} | +| marsdb-flow-to.js:11:17:11:24 | req.body | semmle.label | req.body | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | semmle.label | req.body.title | +| marsdb-flow-to.js:14:17:14:21 | query | semmle.label | query | +| marsdb.js:12:9:12:18 | query | semmle.label | query | +| marsdb.js:12:17:12:18 | {} | semmle.label | {} | +| marsdb.js:13:17:13:24 | req.body | semmle.label | req.body | +| marsdb.js:13:17:13:30 | req.body.title | semmle.label | req.body.title | +| marsdb.js:16:12:16:16 | query | semmle.label | query | +| minimongo.js:14:9:14:18 | query | semmle.label | query | +| minimongo.js:14:17:14:18 | {} | semmle.label | {} | +| minimongo.js:15:17:15:24 | req.body | semmle.label | req.body | +| minimongo.js:15:17:15:30 | req.body.title | semmle.label | req.body.title | +| minimongo.js:18:12:18:16 | query | semmle.label | query | +| mongodb.js:12:11:12:20 | query | semmle.label | query | +| mongodb.js:12:19:12:20 | {} | semmle.label | {} | +| mongodb.js:13:5:13:9 | query | semmle.label | query | +| mongodb.js:13:19:13:26 | req.body | semmle.label | req.body | 
+| mongodb.js:13:19:13:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:18:16:18:20 | query | semmle.label | query | +| mongodb.js:26:11:26:32 | title | semmle.label | title | +| mongodb.js:26:19:26:26 | req.body | semmle.label | req.body | +| mongodb.js:26:19:26:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:32:18:32:45 | { title ... itle) } | semmle.label | { title ... itle) } | +| mongodb.js:32:27:32:43 | JSON.parse(title) | semmle.label | JSON.parse(title) | +| mongodb.js:32:38:32:42 | title | semmle.label | title | +| mongodb.js:48:11:48:20 | query | semmle.label | query | +| mongodb.js:48:19:48:20 | {} | semmle.label | {} | +| mongodb.js:49:5:49:9 | query | semmle.label | query | +| mongodb.js:49:19:49:33 | req.query.title | semmle.label | req.query.title | +| mongodb.js:54:16:54:20 | query | semmle.label | query | +| mongodb.js:59:8:59:17 | query | semmle.label | query | +| mongodb.js:59:16:59:17 | {} | semmle.label | {} | +| mongodb.js:60:2:60:6 | query | semmle.label | query | +| mongodb.js:60:16:60:30 | req.query.title | semmle.label | req.query.title | +| mongodb.js:65:12:65:16 | query | semmle.label | query | +| mongodb.js:70:7:70:25 | tag | semmle.label | tag | +| mongodb.js:70:13:70:25 | req.query.tag | semmle.label | req.query.tag | +| mongodb.js:77:14:77:26 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:77:22:77:24 | tag | semmle.label | tag | +| mongodb.js:85:12:85:24 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:85:20:85:22 | tag | semmle.label | tag | +| mongodb.js:106:9:106:18 | query | semmle.label | query | +| mongodb.js:106:17:106:18 | {} | semmle.label | {} | +| mongodb.js:107:3:107:7 | query | semmle.label | query | +| mongodb.js:107:17:107:29 | queries.title | semmle.label | queries.title | +| mongodb.js:112:14:112:18 | query | semmle.label | query | +| mongodb_bodySafe.js:23:11:23:20 | query | semmle.label | query | +| mongodb_bodySafe.js:23:19:23:20 | {} | 
semmle.label | {} | +| mongodb_bodySafe.js:24:5:24:9 | query | semmle.label | query | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | semmle.label | req.query.title | +| mongodb_bodySafe.js:29:16:29:20 | query | semmle.label | query | +| mongoose.js:20:8:20:17 | query | semmle.label | query | +| mongoose.js:20:16:20:17 | {} | semmle.label | {} | +| mongoose.js:21:2:21:6 | query | semmle.label | query | +| mongoose.js:21:16:21:23 | req.body | semmle.label | req.body | +| mongoose.js:21:16:21:29 | req.body.title | semmle.label | req.body.title | +| mongoose.js:24:21:24:27 | [query] | semmle.label | [query] | +| mongoose.js:24:22:24:26 | query | semmle.label | query | +| mongoose.js:27:17:27:21 | query | semmle.label | query | +| mongoose.js:30:22:30:26 | query | semmle.label | query | +| mongoose.js:33:21:33:25 | query | semmle.label | query | +| mongoose.js:36:28:36:32 | query | semmle.label | query | +| mongoose.js:39:16:39:20 | query | semmle.label | query | +| mongoose.js:42:19:42:23 | query | semmle.label | query | +| mongoose.js:45:28:45:32 | query | semmle.label | query | +| mongoose.js:48:28:48:32 | query | semmle.label | query | +| mongoose.js:51:28:51:32 | query | semmle.label | query | +| mongoose.js:54:22:54:26 | query | semmle.label | query | +| mongoose.js:57:18:57:22 | query | semmle.label | query | +| mongoose.js:60:22:60:26 | query | semmle.label | query | +| mongoose.js:63:21:63:25 | query | semmle.label | query | +| mongoose.js:65:32:65:36 | query | semmle.label | query | +| mongoose.js:67:27:67:31 | query | semmle.label | query | +| mongoose.js:68:8:68:12 | query | semmle.label | query | +| mongoose.js:71:17:71:21 | query | semmle.label | query | +| mongoose.js:72:10:72:14 | query | semmle.label | query | +| mongoose.js:73:8:73:12 | query | semmle.label | query | +| mongoose.js:74:7:74:11 | query | semmle.label | query | +| mongoose.js:75:16:75:20 | query | semmle.label | query | +| mongoose.js:76:12:76:16 | query | semmle.label | query | 
+| mongoose.js:77:10:77:14 | query | semmle.label | query | +| mongoose.js:81:37:81:41 | query | semmle.label | query | +| mongoose.js:82:46:82:50 | query | semmle.label | query | +| mongoose.js:83:47:83:51 | query | semmle.label | query | +| mongoose.js:85:46:85:50 | query | semmle.label | query | +| mongoose.js:87:51:87:55 | query | semmle.label | query | +| mongoose.js:89:46:89:50 | query | semmle.label | query | +| mongoose.js:92:46:92:50 | query | semmle.label | query | +| mongoose.js:94:51:94:55 | query | semmle.label | query | +| mongoose.js:96:46:96:50 | query | semmle.label | query | +| mongoose.js:104:21:104:25 | query | semmle.label | query | +| mongoose.js:111:14:111:18 | query | semmle.label | query | +| mongoose.js:113:31:113:35 | query | semmle.label | query | +| mongoose.js:115:6:115:22 | id | semmle.label | id | +| mongoose.js:115:11:115:22 | req.query.id | semmle.label | req.query.id | +| mongoose.js:115:25:115:45 | cond | semmle.label | cond | +| mongoose.js:115:32:115:45 | req.query.cond | semmle.label | req.query.cond | +| mongoose.js:116:22:116:25 | cond | semmle.label | cond | +| mongoose.js:117:21:117:24 | cond | semmle.label | cond | +| mongoose.js:118:21:118:24 | cond | semmle.label | cond | +| mongoose.js:119:18:119:21 | cond | semmle.label | cond | +| mongoose.js:120:22:120:25 | cond | semmle.label | cond | +| mongoose.js:121:16:121:19 | cond | semmle.label | cond | +| mongoose.js:122:19:122:22 | cond | semmle.label | cond | +| mongoose.js:123:20:123:21 | id | semmle.label | id | +| mongoose.js:124:28:124:31 | cond | semmle.label | cond | +| mongoose.js:125:28:125:31 | cond | semmle.label | cond | +| mongoose.js:126:28:126:31 | cond | semmle.label | cond | +| mongoose.js:127:18:127:21 | cond | semmle.label | cond | +| mongoose.js:128:22:128:25 | cond | semmle.label | cond | +| mongoose.js:129:21:129:24 | cond | semmle.label | cond | +| mongoose.js:130:16:130:26 | { _id: id } | semmle.label | { _id: id } | +| mongoose.js:130:23:130:24 | 
id | semmle.label | id | +| mongoose.js:133:38:133:42 | query | semmle.label | query | +| mongoose.js:136:30:136:34 | query | semmle.label | query | +| mongooseJsonParse.js:19:11:19:20 | query | semmle.label | query | +| mongooseJsonParse.js:19:19:19:20 | {} | semmle.label | {} | +| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | semmle.label | JSON.pa ... ).title | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | semmle.label | req.query.data | +| mongooseJsonParse.js:23:19:23:23 | query | semmle.label | query | +| mongooseModelClient.js:10:7:10:32 | v | semmle.label | v | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| mongooseModelClient.js:10:22:10:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:10:22:10:31 | req.body.x | semmle.label | req.body.x | +| mongooseModelClient.js:11:16:11:24 | { id: v } | semmle.label | { id: v } | +| mongooseModelClient.js:11:22:11:22 | v | semmle.label | v | +| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | semmle.label | { id: req.body.id } | +| mongooseModelClient.js:12:22:12:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:12:22:12:32 | req.body.id | semmle.label | req.body.id | +| mysql.js:6:9:6:31 | temp | semmle.label | temp | +| mysql.js:6:16:6:31 | req.params.value | semmle.label | req.params.value | +| mysql.js:15:18:15:65 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp | +| mysql.js:15:62:15:65 | temp | semmle.label | temp | +| mysql.js:19:26:19:73 | 'SELECT ... + temp | semmle.label | 'SELECT ... 
+ temp | +| mysql.js:19:70:19:73 | temp | semmle.label | temp | +| pg-promise-types.ts:7:9:7:28 | taint | semmle.label | taint | +| pg-promise-types.ts:7:17:7:28 | req.params.x | semmle.label | req.params.x | +| pg-promise-types.ts:8:17:8:21 | taint | semmle.label | taint | +| pg-promise.js:6:7:7:55 | query | semmle.label | query | +| pg-promise.js:7:16:7:34 | req.params.category | semmle.label | req.params.category | +| pg-promise.js:9:10:9:14 | query | semmle.label | query | +| pg-promise.js:10:11:10:15 | query | semmle.label | query | +| pg-promise.js:11:17:11:21 | query | semmle.label | query | +| pg-promise.js:12:10:12:14 | query | semmle.label | query | +| pg-promise.js:13:12:13:16 | query | semmle.label | query | +| pg-promise.js:14:18:14:22 | query | semmle.label | query | +| pg-promise.js:15:11:15:15 | query | semmle.label | query | +| pg-promise.js:16:10:16:14 | query | semmle.label | query | +| pg-promise.js:17:16:17:20 | query | semmle.label | query | +| pg-promise.js:18:12:18:16 | query | semmle.label | query | +| pg-promise.js:19:13:19:17 | query | semmle.label | query | +| pg-promise.js:22:11:22:15 | query | semmle.label | query | +| pg-promise.js:30:13:30:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:34:13:34:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | semmle.label | [\\n ... 
n\\n ] | +| pg-promise.js:39:7:39:19 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:40:7:40:21 | req.params.name | semmle.label | req.params.name | +| pg-promise.js:41:7:41:20 | req.params.foo | semmle.label | req.params.foo | +| pg-promise.js:47:11:47:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:54:11:54:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:56:14:56:29 | req.params.title | semmle.label | req.params.title | +| pg-promise.js:60:20:60:24 | query | semmle.label | query | +| pg-promise.js:63:23:63:27 | query | semmle.label | query | +| pg-promise.js:64:16:64:20 | query | semmle.label | query | +| redis.js:10:16:10:23 | req.body | semmle.label | req.body | +| redis.js:10:16:10:27 | req.body.key | semmle.label | req.body.key | +| redis.js:12:9:12:26 | key | semmle.label | key | +| redis.js:12:15:12:22 | req.body | semmle.label | req.body | +| redis.js:12:15:12:26 | req.body.key | semmle.label | req.body.key | +| redis.js:13:16:13:18 | key | semmle.label | key | +| redis.js:18:16:18:18 | key | semmle.label | key | +| redis.js:19:43:19:45 | key | semmle.label | key | +| redis.js:25:14:25:16 | key | semmle.label | key | +| redis.js:26:14:26:16 | key | semmle.label | key | +| redis.js:30:23:30:25 | key | semmle.label | key | +| redis.js:32:28:32:30 | key | semmle.label | key | +| redis.js:38:11:38:28 | key | semmle.label | key | +| redis.js:38:17:38:24 | req.body | semmle.label | req.body | +| redis.js:38:17:38:28 | req.body.key | semmle.label | req.body.key | +| redis.js:39:16:39:18 | key | semmle.label | key | +| redis.js:43:27:43:29 | key | semmle.label | key | +| redis.js:46:34:46:36 | key | semmle.label | key | +| socketio.js:10:25:10:30 | handle | semmle.label | handle | +| socketio.js:11:12:11:53 | `INSERT ... andle}` | semmle.label | `INSERT ... andle}` | +| socketio.js:11:46:11:51 | handle | semmle.label | handle | +| tst2.js:9:27:9:84 | "select ... d + "'" | semmle.label | "select ... 
d + "'" | +| tst2.js:9:66:9:78 | req.params.id | semmle.label | req.params.id | +| tst3.js:7:7:8:55 | query1 | semmle.label | query1 | +| tst3.js:8:16:8:34 | req.params.category | semmle.label | req.params.category | +| tst3.js:9:14:9:19 | query1 | semmle.label | query1 | +| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst4.js:8:46:8:60 | $routeParams.id | semmle.label | $routeParams.id | +| tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id | edges -| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | -| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | -| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | -| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| 
graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | -| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | -| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... 
}` | -| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... 
y.data) | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | -| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | -| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | -| ldap.js:22:18:22:18 | q | ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:24 | q.query | ldap.js:22:18:22:33 | q.query.username | -| ldap.js:22:18:22:33 | q.query.username | ldap.js:22:7:22:33 | username | -| ldap.js:25:13:25:57 | `(\|(nam ... 
ame}))` | ldap.js:28:30:28:34 | opts1 | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | -| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... 
ilter } | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | -| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | -| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | -| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| 
minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... 
itle) } | -| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | -| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | 
mongodb.js:70:7:70:25 | tag | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | 
mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | -| 
mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | 
mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | -| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| 
mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | -| 
mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | -| 
mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | -| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | 
cond | mongoose.js:121:16:121:19 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... 
).title | mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | -| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | -| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... 
+ temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | -| pg-promise.js:6:7:7:55 | query | 
pg-promise.js:18:12:18:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | pg-promise.js:6:7:7:55 | query | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... 
n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | -| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | -| redis.js:38:11:38:28 | key | 
redis.js:39:16:39:18 | key | -| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | tst3.js:7:7:8:55 | query1 | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... 
d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | +| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | provenance | | +| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | provenance | | +| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | provenance | | +| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | provenance | | +| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | provenance | | +| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | provenance | | +| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | provenance | | +| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | provenance | | +| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | provenance | | +| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | provenance | | +| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | provenance | | +| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | provenance | | +| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | provenance | | +| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | 
provenance | | +| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | provenance | | +| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | provenance | | +| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | provenance | | +| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | provenance | | +| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | provenance | | +| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | provenance | | +| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | provenance | | +| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | provenance | | +| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | provenance | | +| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | provenance | | +| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | provenance | Config | +| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | provenance | | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | provenance | | +| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... 
y.data) | provenance | Config | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | provenance | | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | provenance | | +| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | provenance | Config | +| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | | +| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | | +| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:17:52:17:61 | conditions | provenance | | +| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | koarouter.js:17:52:17:61 | conditions [ArrayElement] | provenance | | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | provenance | | +| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | | +| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | | +| koarouter.js:17:52:17:61 | conditions [ArrayElement] | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | | +| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | provenance | | +| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | provenance | | +| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | provenance | | +| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... 
, true) | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | provenance | | +| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | provenance | | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | provenance | Config | +| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | provenance | Config | +| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | provenance | | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | provenance | | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | provenance | Config | +| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... 
ilter } | provenance | Config | +| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | provenance | | +| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | provenance | | +| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | provenance | | +| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | provenance | Config | +| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | provenance | | +| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | provenance | | +| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | provenance | Config | +| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | provenance | | +| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | provenance | | +| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | provenance | Config | +| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | provenance | | +| 
mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | provenance | | +| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | provenance | | +| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | provenance | Config | +| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | provenance | | +| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | provenance | Config | +| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | provenance | | +| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... 
itle) } | provenance | Config | +| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | provenance | Config | +| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | provenance | | +| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | provenance | | +| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | provenance | | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | provenance | Config | +| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | provenance | | +| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | provenance | | +| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | provenance | | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | provenance | Config | +| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | provenance | | +| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | provenance | | +| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | provenance | | +| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | provenance | Config | +| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | provenance | Config | +| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | provenance | | +| mongodb.js:106:17:106:18 | {} | 
mongodb.js:106:9:106:18 | query | provenance | | +| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | provenance | | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | provenance | Config | +| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | provenance | | +| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | provenance | | +| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | provenance | | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | provenance | Config | +| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | provenance | | +| 
mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:20:8:20:17 | query | 
mongoose.js:133:38:133:42 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | provenance | | +| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | 
mongoose.js:60:22:60:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | provenance | Config | +| 
mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | provenance | | +| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | provenance | | +| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | provenance 
| | +| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | provenance | | +| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | provenance | | +| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | provenance | | +| 
mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | provenance | | +| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | provenance | | +| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | provenance | Config | +| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | provenance | | +| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | provenance | | +| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... 
).title | mongooseJsonParse.js:19:11:19:20 | query | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | provenance | Config | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | provenance | Config | +| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | provenance | | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | provenance | | +| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | provenance | Config | +| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | provenance | Config | +| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | provenance | Config | +| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | provenance | Config | +| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | provenance | Config | +| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | provenance | | +| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | provenance | | +| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | provenance | | +| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | provenance | | +| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... 
+ temp | provenance | | +| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | provenance | | +| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | provenance | | +| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| 
pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | provenance | | +| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | provenance | Config | +| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | provenance | Config | +| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | provenance | | +| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | provenance | | +| 
redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | provenance | | +| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | provenance | | +| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | provenance | Config | +| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | provenance | | +| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | provenance | | +| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | provenance | | +| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | provenance | | +| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | provenance | | +| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | provenance | | +| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | provenance | | +| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | provenance | | +subpaths #select | graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | | graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | 
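Review bot: the `Config`-provenance edges out of a property write point at nodes that come before the write, which is worth confirming as intended. For example, `mongoose.js:21:16:21:29 | req.body.title` gets edges to `mongoose.js:20:8:20:17 | query` and `mongoose.js:20:16:20:17 | {}`, and the same shape appears for `mongodb.js:13:19:13:32` and `mongodb_bodySafe.js:24:19:24:33`. The same source also gets a direct edge to every later `query` use (24:22 through 136:30) on top of the use-to-use chain (`24:22 -> 27:17 -> 30:22 ...`) that already connects them, so the expected file grows by one row per use for each tainted write. If the additional flow step in the configuration is meant to taint the whole object, a short comment on that step saying so would make these rows easier to review; if not, the step should be narrowed so that only the edge into `query` at the write is added.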
@@ -951,6 +650,7 @@ edges | json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | koarouter.js:5:13:5:19 | version | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | This query string depends on a $@. | koarouter.js:5:13:5:19 | version | user-provided value | | ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 1193c5e33bc..e536c54dbd2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected 
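Review bot: in the `@@ -951,6 +650,7 @@` hunk of the previous file, the added row for `koarouter.js:17:27:17:77` is a new alert (source `koarouter.js:5:13:5:19 | version`, message "This query string depends on a $@."), not a reordering of existing output. The other changes in this expected file only add the `provenance` column or drop duplicated rows, so this one result changes what the query reports. Please state in the commit message or change note whether it is an intended new true positive from the migrated configuration, and check that the `koarouter.js` test source marks line 17 as an expected alert so the row is not accepted by accident.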
@@ -1,335 +1,133 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| 
angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... 
odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... 
on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... 
on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... 
on.hash | edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... 
message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... 
+ "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| 
react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | 
tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... 
on.hash | tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... 
on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... 
.search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... 
+ "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value | | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 7e4bd305955..2be7dc659f2 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected 
@@ -1,342 +1,135 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| 
angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... 
cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... 
on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... 
on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... 
on.hash | edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... 
message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... 
+ "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... 
ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... 
on.hash | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... 
ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... 
dy.name | provenance | | +| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... 
dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| eslint-escope-build.js:20:22:20:22 | c | semmle.label | c | +| eslint-escope-build.js:21:16:21:16 | c | semmle.label | c | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... 
+ "];" | semmle.label | "return ... + "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql index 2e5a95533f1..da6b4f631a9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql 
@@ -1,9 +1,9 @@ import javascript import semmle.javascript.heuristics.AdditionalSources import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.", source.getNode(), "User-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected index 0ab2f14e556..3b86bfb074d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected 
@@ -1,69 +1,37 @@ -nodes -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... 
bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:64:27:64:36 | assignment | edges -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:6:24:6:25 | [] | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... 
(input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | provenance | | +| bad-code-sanitization.js:7:21:7:70 | `${name ... 
key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | provenance | | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | provenance | | +| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | | +| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | | +| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | provenance | | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | provenance | | +nodes +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | semmle.label | [post update] statements [ArrayElement] | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | semmle.label | safeProp(key) | +| bad-code-sanitization.js:8:27:8:36 | statements | semmle.label | statements | +| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | semmle.label | statements [ArrayElement] | +| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | semmle.label | statements.join(';') | +| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | semmle.label | htmlescape(pathname) | +| bad-code-sanitization.js:19:27:19:47 | JSON.st ... 
(input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | semmle.label | JSON.st ... (taint) | +| bad-code-sanitization.js:63:11:63:55 | assignment | semmle.label | assignment | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:64:27:64:36 | assignment | semmle.label | assignment | +subpaths #select | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on an $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | improperly sanitized value | | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on an $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | improperly sanitized value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected index 725c600ecaa..868f2a28744 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected 
@@ -1,127 +1,20 @@ -nodes -| lib/index.js:1:35:1:38 | data | -| lib/index.js:1:35:1:38 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:42:3:42:19 | opts | -| lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:44:21:44:24 | opts | -| lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:87:18:87:22 | taint | -| lib/index.js:89:36:89:40 | taint | -| lib/index.js:93:32:93:36 | taint | -| lib/index.js:98:30:98:34 | taint | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:113:20:113:24 | taint | -| lib/index.js:115:38:115:42 | taint | -| lib/index.js:121:34:121:38 | taint | -| lib/index.js:129:32:129:36 | taint | -| lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:135:23:135:49 | this.op ... 
dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:138:23:138:32 | this.taint | edges -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:3:42:19 | opts | lib/index.js:44:21:44:24 | opts | -| lib/index.js:42:10:42:13 | opts | lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:42:10:42:19 | opts \|\| {} | lib/index.js:42:3:42:19 | opts | -| lib/index.js:44:21:44:24 | opts | lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName 
| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... 
dOption | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... 
dOption | +| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | provenance | | +| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | provenance | | +| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | provenance | | +| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | provenance | | +nodes +| lib/index.js:1:35:1:38 | data | semmle.label | data | +| lib/index.js:2:21:2:24 | data | semmle.label | data | +| lib/index.js:5:35:5:38 | name | semmle.label | name | +| lib/index.js:6:26:6:29 | name | semmle.label | name | +| lib/index.js:13:38:13:41 | data | semmle.label | data | +| lib/index.js:14:21:14:24 | data | semmle.label | data | +| lib/index.js:19:26:19:29 | data | semmle.label | data | +| lib/index.js:22:7:22:10 | data | semmle.label | data | +subpaths #select | lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:1:35:1:38 | data | library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code | | lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | This string concatenation which depends on $@ is later $@. | lib/index.js:5:35:5:38 | name | library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code | | lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:13:38:13:41 | data | library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code | | lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | This string concatenation which depends on $@ is later $@. 
| lib/index.js:19:26:19:29 | data | library input | lib/index.js:25:24:25:26 | str | interpreted as code | -| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | This string concatenation which depends on $@ is later $@. | lib/index.js:41:32:41:35 | opts | library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code | -| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code | -| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code | -| lib/index.js:105:21:105:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code | -| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code | -| lib/index.js:135:23:135:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:135:12:135:69 | " var ... 
ing();" | interpreted as code | -| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code | -| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code | -| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected index 4005bd32dba..8511b6bcaf6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected 
@@ -1,76 +1,60 @@ -nodes -| example.js:9:37:9:38 | ev | -| example.js:9:37:9:38 | ev | -| example.js:10:9:10:37 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:10:30:10:31 | ev | -| example.js:10:30:10:36 | ev.data | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:18 | message | -| example.js:13:12:13:23 | message.name | -| tst.js:3:37:3:38 | ev | -| tst.js:3:37:3:38 | ev | -| tst.js:4:9:4:37 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:4:30:4:31 | ev | -| tst.js:4:30:4:36 | ev.data | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:18 | message | -| tst.js:5:12:5:23 | message.name | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:22 | message | -| tst.js:6:16:6:27 | message.name | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:13 | message | -| tst.js:11:7:11:18 | message.name | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:12:15:13 | ev | -| tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:5:21:29 | window[ ... 
e.name] | -| tst.js:21:12:21:28 | '' + message.name | -| tst.js:21:17:21:23 | message | -| tst.js:21:17:21:28 | message.name | edges -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | -| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | -| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | -| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | -| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | -| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | -| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | -| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | -| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | -| 
tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | -| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | +| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | | +| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | | +| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | | +| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | Config | +| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | Config | +| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | Config | +| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | Config | +| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | | +| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | | +| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | | +| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | Config | +| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | Config | +| tst.js:5:12:5:18 | message | 
tst.js:5:12:5:23 | message.name | provenance | Config | +| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | Config | +| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | Config | +| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | Config | +| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | Config | +| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | Config | +| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | Config | +| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | Config | +| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | Config | +| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | Config | +nodes +| example.js:9:37:9:38 | ev | semmle.label | ev | +| example.js:10:9:10:37 | message | semmle.label | message | +| example.js:10:19:10:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| example.js:10:30:10:31 | ev | semmle.label | ev | +| example.js:10:30:10:36 | ev.data | semmle.label | ev.data | +| example.js:13:5:13:24 | window[message.name] | semmle.label | window[message.name] | +| example.js:13:12:13:18 | message | semmle.label | message | +| example.js:13:12:13:23 | message.name | semmle.label | message.name | +| tst.js:3:37:3:38 | ev | semmle.label | ev | +| tst.js:4:9:4:37 | message | semmle.label | message | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:4:30:4:31 | ev | semmle.label | ev | +| tst.js:4:30:4:36 | ev.data | semmle.label | ev.data | +| tst.js:5:5:5:24 | window[message.name] | semmle.label | window[message.name] | +| tst.js:5:12:5:18 | message | semmle.label | message | +| tst.js:5:12:5:23 | message.name | semmle.label | message.name | +| tst.js:6:9:6:28 | 
window[message.name] | semmle.label | window[message.name] | +| tst.js:6:16:6:22 | message | semmle.label | message | +| tst.js:6:16:6:27 | message.name | semmle.label | message.name | +| tst.js:11:5:11:19 | f[message.name] | semmle.label | f[message.name] | +| tst.js:11:7:11:13 | message | semmle.label | message | +| tst.js:11:7:11:18 | message.name | semmle.label | message.name | +| tst.js:15:5:15:14 | window[ev] | semmle.label | window[ev] | +| tst.js:15:12:15:13 | ev | semmle.label | ev | +| tst.js:21:5:21:29 | window[ ... e.name] | semmle.label | window[ ... e.name] | +| tst.js:21:12:21:28 | '' + message.name | semmle.label | '' + message.name | +| tst.js:21:17:21:23 | message | semmle.label | message | +| tst.js:21:17:21:28 | message.name | semmle.label | message.name | +subpaths #select | example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | user-controlled value | | tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value | diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected index 7c80b54be34..7af957d720a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected 
@@ -1,64 +1,25 @@ nodes -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:275:9:275:11 | arr | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... 
;";\\n\\t}) | +| tst.js:243:9:243:31 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:244:9:244:33 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:249:9:249:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:250:9:250:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:253:21:253:45 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:254:32:254:56 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:270:61:270:85 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:274:6:274:94 | arr | semmle.label | arr | +| tst.js:274:12:274:94 | s().val ... g , '') | semmle.label | s().val ... g , '') | +| tst.js:275:9:275:11 | arr | semmle.label | arr | +| tst.js:275:9:275:21 | arr.join(" ") | semmle.label | arr.join(" ") | +| tst.js:300:10:300:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:301:10:301:32 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:302:10:302:34 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:303:10:303:34 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | semmle.label | s().rep ... ;";\\n\\t}) | edges -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... 
/g, '') | -| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | +| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | provenance | | +| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | provenance | | +| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | provenance | | +subpaths #select | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step | | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step | diff --git a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected index 1f810f1beea..786bbb5c0b9 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected 
@@ -1,227 +1,159 @@ -nodes -| logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:18:51:61 | wrapAns ... 
e), 20) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | -| logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:17:66:43 | prettyj ... 
ername) | -| logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:73:9:73:35 | username | -| logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:122:9:122:58 | username | -| logInjectionBad.js:122:20:122:43 | url.par ... , true) | -| logInjectionBad.js:122:20:122:49 | url.par ... ).query | -| logInjectionBad.js:122:20:122:58 | url.par ... sername | -| logInjectionBad.js:122:30:122:36 | req.url | -| logInjectionBad.js:122:30:122:36 | req.url | -| logInjectionBad.js:123:9:123:46 | otherStr | -| logInjectionBad.js:123:20:123:27 | username | -| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | -| logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] | -| logInjectionBad.js:124:17:124:24 | otherStr | -| logInjectionBad.js:124:17:124:24 | otherStr | -| logInjectionBad.js:128:20:128:43 | url.par ... , true) | -| logInjectionBad.js:128:20:128:49 | url.par ... ).query | -| logInjectionBad.js:128:20:128:58 | url.par ... 
sername | -| logInjectionBad.js:128:30:128:36 | req.url | -| logInjectionBad.js:128:30:128:36 | req.url | -| logInjectionBad.js:129:42:129:50 | RegExp.$1 | -| logInjectionBad.js:129:42:129:50 | RegExp.$1 | edges -| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:26 | q.query | logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:20:20:20:35 | q.query.username | logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... 
ername) | logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:26 | q.query | logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:47:20:47:35 | q.query.username | logInjectionBad.js:47:9:47:35 | 
username | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... 
ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... 
, true) | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username | -| logInjectionBad.js:122:9:122:58 | username | logInjectionBad.js:123:20:123:27 | username | -| logInjectionBad.js:122:20:122:43 | url.par ... , true) | logInjectionBad.js:122:20:122:49 | url.par ... ).query | -| logInjectionBad.js:122:20:122:49 | url.par ... ).query | logInjectionBad.js:122:20:122:58 | url.par ... sername | -| logInjectionBad.js:122:20:122:58 | url.par ... sername | logInjectionBad.js:122:9:122:58 | username | -| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... , true) | -| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... 
, true) | -| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr | -| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr | -| logInjectionBad.js:123:20:123:27 | username | logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | -| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] | -| logInjectionBad.js:123:20:123:46 | usernam ... */g)[0] | logInjectionBad.js:123:9:123:46 | otherStr | -| logInjectionBad.js:128:20:128:43 | url.par ... , true) | logInjectionBad.js:128:20:128:49 | url.par ... ).query | -| logInjectionBad.js:128:20:128:49 | url.par ... ).query | logInjectionBad.js:128:20:128:58 | url.par ... sername | -| logInjectionBad.js:128:20:128:58 | url.par ... sername | logInjectionBad.js:129:42:129:50 | RegExp.$1 | -| logInjectionBad.js:128:20:128:58 | url.par ... sername | logInjectionBad.js:129:42:129:50 | RegExp.$1 | -| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) | -| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) | +| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | provenance | | +| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | provenance | | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | provenance | | +| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... 
, true) | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | provenance | | +| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | provenance | | +| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | provenance | | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | provenance | | +| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | provenance | | +| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | provenance | | +| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | provenance | | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | provenance | | +| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... 
, true) | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | provenance | | +| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | provenance | | +| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | provenance | | +| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | provenance | | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | provenance | | +| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... 
name))) | provenance | | +| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | provenance | | +| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | provenance | | +| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | provenance | | +| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | provenance | | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | provenance | | +| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | provenance | | +| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | provenance | | +| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | provenance | | +| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | provenance | | +| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | provenance | | +| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | provenance | | +| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | provenance | | +| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | provenance | | +| logInjectionBad.js:72:13:72:36 | url.par ... 
, true) | logInjectionBad.js:72:9:72:36 | q | provenance | | +| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | provenance | | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | provenance | | +| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | provenance | | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | provenance | | +| logInjectionBad.js:122:9:122:58 | username | logInjectionBad.js:123:20:123:27 | username | provenance | | +| logInjectionBad.js:122:20:122:43 | url.par ... , true) | logInjectionBad.js:122:9:122:58 | username | provenance | | +| logInjectionBad.js:122:30:122:36 | req.url | logInjectionBad.js:122:20:122:43 | url.par ... 
, true) | provenance | | +| logInjectionBad.js:123:9:123:46 | otherStr | logInjectionBad.js:124:17:124:24 | otherStr | provenance | | +| logInjectionBad.js:123:20:123:27 | username | logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | provenance | | +| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | logInjectionBad.js:123:9:123:46 | otherStr | provenance | | +| logInjectionBad.js:128:20:128:43 | url.par ... , true) | logInjectionBad.js:129:42:129:50 | RegExp.$1 | provenance | | +| logInjectionBad.js:128:30:128:36 | req.url | logInjectionBad.js:128:20:128:43 | url.par ... , true) | provenance | | +nodes +| logInjectionBad.js:7:25:7:32 | username | semmle.label | username | +| logInjectionBad.js:8:38:8:45 | username | semmle.label | username | +| logInjectionBad.js:19:9:19:36 | q | semmle.label | q | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:19:23:19:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:20:9:20:35 | username | semmle.label | username | +| logInjectionBad.js:20:20:20:20 | q | semmle.label | q | +| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | semmle.label | `[INFO] ... rname}` | +| logInjectionBad.js:22:34:22:41 | username | semmle.label | username | +| logInjectionBad.js:23:37:23:44 | username | semmle.label | username | +| logInjectionBad.js:24:35:24:42 | username | semmle.label | username | +| logInjectionBad.js:25:36:25:43 | username | semmle.label | username | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | semmle.label | exceptional return of check_u ... ername) | +| logInjectionBad.js:28:24:28:31 | username | semmle.label | username | +| logInjectionBad.js:29:14:29:18 | error | semmle.label | error | +| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | semmle.label | `[ERROR ... 
rror}"` | +| logInjectionBad.js:30:42:30:46 | error | semmle.label | error | +| logInjectionBad.js:46:9:46:36 | q | semmle.label | q | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:46:23:46:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:47:9:47:35 | username | semmle.label | username | +| logInjectionBad.js:47:20:47:20 | q | semmle.label | q | +| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | semmle.label | ansiCol ... ername) | +| logInjectionBad.js:49:46:49:53 | username | semmle.label | username | +| logInjectionBad.js:50:18:50:47 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:50:39:50:46 | username | semmle.label | username | +| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | semmle.label | wrapAns ... e), 20) | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:51:48:51:55 | username | semmle.label | username | +| logInjectionBad.js:52:17:52:47 | underli ... name))) | semmle.label | underli ... name))) | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | semmle.label | bold(blue(username)) | +| logInjectionBad.js:52:32:52:45 | blue(username) | semmle.label | blue(username) | +| logInjectionBad.js:52:37:52:44 | username | semmle.label | username | +| logInjectionBad.js:53:17:53:76 | highlig ... true}) | semmle.label | highlig ... true}) | +| logInjectionBad.js:53:27:53:34 | username | semmle.label | username | +| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | semmle.label | clc.red ... ername) | +| logInjectionBad.js:54:43:54:50 | username | semmle.label | username | +| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | semmle.label | sliceAn ... 20, 30) | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | semmle.label | colors. ... 
ername) | +| logInjectionBad.js:55:48:55:55 | username | semmle.label | username | +| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | semmle.label | kleur.b ... ername) | +| logInjectionBad.js:56:47:56:54 | username | semmle.label | username | +| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | semmle.label | chalk.u ... ername) | +| logInjectionBad.js:57:40:57:47 | username | semmle.label | username | +| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | semmle.label | stripAn ... rname)) | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | semmle.label | chalk.u ... ername) | +| logInjectionBad.js:58:50:58:57 | username | semmle.label | username | +| logInjectionBad.js:63:9:63:36 | q | semmle.label | q | +| logInjectionBad.js:63:13:63:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:63:23:63:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:64:9:64:35 | username | semmle.label | username | +| logInjectionBad.js:64:20:64:20 | q | semmle.label | q | +| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | semmle.label | prettyj ... ername) | +| logInjectionBad.js:66:35:66:42 | username | semmle.label | username | +| logInjectionBad.js:72:9:72:36 | q | semmle.label | q | +| logInjectionBad.js:72:13:72:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:72:23:72:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:73:9:73:35 | username | semmle.label | username | +| logInjectionBad.js:73:20:73:20 | q | semmle.label | q | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:82:30:82:37 | username | semmle.label | username | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | semmle.label | functio ... 
;\\n } [username] | +| logInjectionBad.js:91:26:91:33 | username | semmle.label | username | +| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:99:26:99:33 | username | semmle.label | username | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:113:37:113:44 | username | semmle.label | username | +| logInjectionBad.js:122:9:122:58 | username | semmle.label | username | +| logInjectionBad.js:122:20:122:43 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:122:30:122:36 | req.url | semmle.label | req.url | +| logInjectionBad.js:123:9:123:46 | otherStr | semmle.label | otherStr | +| logInjectionBad.js:123:20:123:27 | username | semmle.label | username | +| logInjectionBad.js:123:20:123:43 | usernam ... (/.*/g) | semmle.label | usernam ... (/.*/g) | +| logInjectionBad.js:124:17:124:24 | otherStr | semmle.label | otherStr | +| logInjectionBad.js:128:20:128:43 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:128:30:128:36 | req.url | semmle.label | req.url | +| logInjectionBad.js:129:42:129:50 | RegExp.$1 | semmle.label | RegExp.$1 | +subpaths +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | #select | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | | logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | 
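Review bot: In the new `edges` block of LogInjection.expected the row `logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username` is emitted twice, and `75:15:75:22 | username` is likewise listed twice under `nodes`, so the two entries cannot be told apart in the expected output. Please confirm they are two distinct data flow nodes at the same location (for example the plain value and the captured-variable node that feeds the new `functio ... [username]` rows) and not an accidental duplicate, and say so in the commit message so the next person regenerating this file knows it is intended. The same hunk also drops the intermediate property-read rows (`q.query`, `q.query.username`, `usernam ... */g)[0]`) in favour of direct edges such as `20:20:20:20 | q` to `20:9:20:35 | username`, and adds `8:38:8:45 | username` as a node reached through the new `subpaths` row. The visible `#select` context rows are unchanged, so it is worth checking that the alert set is identical and that only the path explanation got shorter.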
diff --git a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected index 856b4edf80a..8a3688cad56 100644 --- a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected +++ b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected 
@@ -1,85 +1,26 @@ -nodes -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:21:16:21:31 | 
req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | edges -| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | 
req.query.format | tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | +nodes +| tst.js:5:15:5:30 | req.query.format | semmle.label | req.query.format | +| tst.js:6:26:6:41 | req.query.format | semmle.label | req.query.format | +| tst.js:7:15:7:30 | req.query.format | semmle.label | req.query.format | +| tst.js:8:17:8:32 | req.query.format | semmle.label | req.query.format | +| tst.js:9:16:9:31 | req.query.format | semmle.label | req.query.format | +| tst.js:10:12:10:27 | req.query.format | semmle.label | req.query.format | +| tst.js:11:32:11:47 | req.query.format | semmle.label | req.query.format | +| tst.js:12:21:12:36 | req.query.format | semmle.label | req.query.format | +| tst.js:13:35:13:50 | req.query.format | semmle.label | req.query.format | +| tst.js:14:29:14:44 | req.query.format | semmle.label | req.query.format | +| tst.js:15:30:15:45 | req.query.format | semmle.label | req.query.format | +| tst.js:16:26:16:41 | req.query.format | semmle.label | req.query.format | +| tst.js:17:30:17:45 | req.query.format | semmle.label | req.query.format | +| tst.js:18:38:18:53 | req.query.format | semmle.label | req.query.format | +| tst.js:20:17:20:32 | req.query.format | semmle.label | req.query.format | +| tst.js:21:16:21:31 | req.query.format | semmle.label | req.query.format | +| tst.js:22:17:22:32 | req.query.format | semmle.label | req.query.format | +| tst.js:24:25:24:40 | req.query.format | semmle.label | req.query.format | +| tst.js:25:33:25:48 | req.query.format | semmle.label | req.query.format | +| tst.js:26:34:26:49 | req.query.format | semmle.label | req.query.format | +subpaths #select | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on a $@. 
| tst.js:5:15:5:30 | req.query.format | user-provided value | | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on a $@. | tst.js:6:26:6:41 | req.query.format | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected index a38e0d41942..2aa2fcbe302 100644 --- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected +++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected 
@@ -1,143 +1,99 @@ -nodes -| FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| FileAccessToHttp.js:9:23:9:29 | content | -| bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:15:15:15:62 | postData | -| bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:33:21:33:28 | postData | -| googlecompiler.js:7:19:7:28 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | -| googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:56:14:56:17 | data | -| readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | -| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | -| readFileSync.js:7:7:7:25 | s | -| readFileSync.js:7:11:7:14 | data | -| readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:26:18:26:18 | s | -| readFileSync.js:26:18:26:18 | s | -| readStreamRead.js:13:13:13:35 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:30:19:30:23 | chunk | -| request.js:6:19:6:26 | jsonData | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | -| request.js:13:18:13:24 | xmlData | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | -| request.js:28:52:28:55 | data | -| request.js:28:52:28:55 | data | -| request.js:35:14:35:17 | data | -| request.js:43:51:43:54 | data | -| request.js:43:51:43:54 | data | -| request.js:50:13:50:16 | data | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... 
content | -| sentAsHeaders.js:24:47:24:53 | content | edges -| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | -| googlecompiler.js:7:19:7:28 | codestring | googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... 
ody\\n } | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring | -| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | -| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | -| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | -| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... 
ody\\n } | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | -| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | -| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | -| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... 
content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | -| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | +| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | provenance | | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | provenance | | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | | +| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | provenance | | +| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | provenance | | +| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | provenance | | +| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | provenance | | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | provenance | | +| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | provenance | | +| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | readFileSync.js:5:5:5:39 | data | provenance | | +| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | provenance | | +| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | provenance | | +| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | provenance | | +| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | | +| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | | +| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | | +| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | provenance | | +| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | provenance | | +| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | | +| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | provenance | | +| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | provenance | | +| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | provenance | | +| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | provenance | | +| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | provenance | | +| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | provenance | | +| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | provenance | | +| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | provenance | | +| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... 
=", "") | provenance | | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | provenance | | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | provenance | | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | provenance | | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | provenance | | +nodes +| FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") | +| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | semmle.label | {\\n hos ... ent }\\n} | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | semmle.label | { Referer: content } [Referer] | +| FileAccessToHttp.js:9:23:9:29 | content | semmle.label | content | +| bufferRead.js:12:13:12:43 | buffer | semmle.label | buffer | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | semmle.label | new Buf ... s.size) | +| bufferRead.js:13:21:13:26 | buffer | semmle.label | buffer | +| bufferRead.js:13:32:13:37 | buffer | semmle.label | buffer | +| bufferRead.js:15:15:15:62 | postData | semmle.label | postData | +| bufferRead.js:15:26:15:31 | buffer | semmle.label | buffer | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | semmle.label | buffer. ... 
esRead) | +| bufferRead.js:33:21:33:28 | postData | semmle.label | postData | +| readFileSync.js:5:5:5:39 | data | semmle.label | data | +| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | semmle.label | fs.read ... t.txt") | +| readFileSync.js:7:7:7:25 | s | semmle.label | s | +| readFileSync.js:7:11:7:14 | data | semmle.label | data | +| readFileSync.js:7:11:7:25 | data.toString() | semmle.label | data.toString() | +| readFileSync.js:26:18:26:18 | s | semmle.label | s | +| readStreamRead.js:13:13:13:35 | chunk | semmle.label | chunk | +| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() | +| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk | +| request.js:6:19:6:26 | jsonData | semmle.label | jsonData | +| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} | +| request.js:8:12:8:19 | jsonData | semmle.label | jsonData | +| request.js:13:18:13:24 | xmlData | semmle.label | xmlData | +| request.js:16:11:23:3 | {\\n u ... ody\\n } | semmle.label | {\\n u ... ody\\n } | +| request.js:22:11:22:17 | xmlData | semmle.label | xmlData | +| request.js:28:52:28:55 | data | semmle.label | data | +| request.js:35:14:35:17 | data | semmle.label | data | +| request.js:43:51:43:54 | data | semmle.label | data | +| request.js:50:13:50:16 | data | semmle.label | data | +| sentAsHeaders.js:10:79:10:84 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:13:11:59 | content | semmle.label | content | +| sentAsHeaders.js:11:23:11:28 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | semmle.label | buffer. ... esRead) | +| sentAsHeaders.js:12:9:12:81 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:25 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | semmle.label | content ... =", "") | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | semmle.label | content ... .trim() | +| sentAsHeaders.js:14:20:19:9 | {\\n ... 
} | semmle.label | {\\n ... } | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:18:47:18:53 | content | semmle.label | content | +| sentAsHeaders.js:20:20:25:9 | {\\n ... } | semmle.label | {\\n ... } | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:24:47:24:53 | content | semmle.label | content | +subpaths #select | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data | | bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data | -| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@. | googlecompiler.js:44:54:44:57 | data | file data | | readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data | | readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. 
| readStreamRead.js:13:21:13:35 | readable.read() | file data | | request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data | diff --git a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected index e4c14a2060c..bd939420ab3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected +++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected 
@@ -1,34 +1,18 @@ -nodes -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | edges -| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | 
PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | | +| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | | +| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | | +nodes +| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | semmle.label | [post update] data [foo] | +| PostMessageStar2.js:5:14:5:21 | password | semmle.label | password | +| PostMessageStar2.js:8:29:8:32 | data | semmle.label | data | +| PostMessageStar2.js:9:29:9:32 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:9:29:9:36 | data.foo | semmle.label | data.foo | +| PostMessageStar2.js:13:27:13:33 | authKey | semmle.label | authKey | +| PostMessageStar.js:1:27:1:34 | userName | semmle.label | userName | +subpaths #select | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | Sensitive data | | PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | Sensitive data | diff --git a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index d649d3b8a64..8754a6cbdf0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected 
@@ -1,33 +1,22 @@ -nodes -| node.js:8:10:8:12 | err | -| node.js:8:10:8:12 | err | -| node.js:11:13:11:15 | err | -| node.js:11:13:11:21 | err.stack | -| node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | -| tst.js:6:12:6:12 | e | -| tst.js:7:13:7:13 | e | -| tst.js:7:13:7:13 | e | -| tst.js:8:15:8:15 | e | -| tst.js:16:20:16:20 | e | -| tst.js:17:11:17:11 | e | -| tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:17 | e.stack | edges -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | -| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | -| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | +| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | provenance | | +| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | provenance | | +| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | provenance | | +| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | provenance | | +| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | provenance | | +| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | provenance | | +| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | provenance | | +nodes +| node.js:8:10:8:12 | err | semmle.label | err | +| node.js:11:13:11:15 | err | semmle.label | err | +| node.js:11:13:11:21 | err.stack | semmle.label | err.stack | +| tst.js:6:12:6:12 | e | semmle.label | e | +| tst.js:7:13:7:13 | e | semmle.label | e | +| tst.js:8:15:8:15 | e | semmle.label | 
e | +| tst.js:16:20:16:20 | e | semmle.label | e | +| tst.js:17:11:17:11 | e | semmle.label | e | +| tst.js:17:11:17:17 | e.stack | semmle.label | e.stack | +subpaths #select | node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. | node.js:8:10:8:12 | err | stack trace information | | tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected index 8514ae58104..a5f0eb8e860 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected 
@@ -1,67 +1,58 @@ -nodes -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:16:20:16:22 | env | -| build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | -| build-leaks.js:23:39:23:41 | raw | -| build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:24:20:24:22 | env | -| build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | -| build-leaks.js:41:82:41:83 | pw | edges -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:13:11:19:10 | raw | build-leaks.js:23:39:23:41 | raw | -| build-leaks.js:13:17:19:10 | Object. ... 
}) | build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:39 | process.env[key] | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:21:11:26:5 | stringifed | build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:23:39:23:46 | raw[key] | build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... 
assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | | +| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | | +| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | | +| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:16:20:16:22 | env | provenance | | +| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... 
}, {}) | provenance | Config | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | | +| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | | +| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | | +| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | | +| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | | +nodes +| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) | +| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env | +| build-leaks.js:13:11:19:10 | raw | semmle.label | raw | +| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... 
}) | +| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env | +| build-leaks.js:16:20:16:22 | env | semmle.label | env | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) | +| build-leaks.js:22:36:22:38 | raw | semmle.label | raw | +| build-leaks.js:22:49:22:51 | env | semmle.label | env | +| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:23:39:23:41 | raw | semmle.label | raw | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | semmle.label | getEnv('production') [stringified, process.env] | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified | semmle.label | getEnv( ... ngified | +| build-leaks.js:40:9:40:60 | pw | semmle.label | pw | +| build-leaks.js:40:14:40:60 | url.par ... assword | semmle.label | url.par ... assword | +| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) | +| build-leaks.js:41:82:41:83 | pw | semmle.label | pw | +subpaths +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... 
}, {}) | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | #select | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment | | build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index bcd3160289f..8a0bbb6077a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -1,308 +1,182 @@ -nodes -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | -| passwords.js:10:11:10:18 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | -| passwords.js:14:31:14:38 | password | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | -| passwords.js:16:29:16:36 | password | -| passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:23:9:25:5 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... 
d\\n } | -| passwords.js:24:12:24:19 | password | -| passwords.js:24:12:24:19 | password | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:28:9:28:17 | obj3 | -| passwords.js:28:16:28:17 | {} | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:30:14:30:21 | password | -| passwords.js:30:14:30:21 | password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | -| passwords.js:80:18:80:25 | password | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:24:81:29 | secret | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | -| passwords.js:93:39:93:46 | password | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | -| passwords.js:98:39:98:46 | password | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | -| passwords.js:105:39:105:46 | password | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | -| passwords.js:110:39:110:46 | password | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | -| passwords.js:114:43:114:50 | password | -| passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:21:119:46 | "Passwo ... 
assword | -| passwords.js:119:39:119:46 | password | -| passwords.js:119:39:119:46 | password | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:49 | password.toString() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | -| passwords.js:130:12:130:19 | password | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:135:17:135:22 | config | -| passwords.js:135:17:135:22 | config | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:147:12:147:19 | password | -| passwords.js:147:12:147:19 | password | -| passwords.js:149:21:149:28 | config.x | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:20:152:63 | Util.in ... 
/g, '') | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:154:21:154:28 | procdesc | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:182:14:182:21 | password | -| passwords.js:182:14:182:21 | password | -| passwords.js:182:14:182:51 | passwor ... ), "*") | -| passwords.js:182:14:182:51 | passwor ... 
), "*") | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:8:17:8:17 | x | -| passwords_in_server_5.js:8:17:8:17 | x | edges -| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... 
assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... d\\n } | passwords.js:23:9:25:5 | obj2 | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:16:28:17 | {} | passwords.js:28:9:28:17 | obj3 | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... 
assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... 
assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... 
)\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | -| passwords.js:152:20:152:63 | Util.in ... 
/g, '') | passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... 
g, "*") | -| passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode | -| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | -| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | -| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | -| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | -| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | +| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | provenance | | +| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | provenance | | +| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | provenance | | +| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... 
sword}` | provenance | | +| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | provenance | | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | provenance | | +| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | provenance | | +| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance | | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | provenance | | +| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | provenance | | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance | | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | provenance | | +| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance | | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... assword | provenance | | +| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | provenance | | +| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | provenance | | +| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | provenance | | +| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | provenance | | +| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | provenance | | +| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | provenance | | +| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | provenance | | +| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... 
assword | provenance | | +| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | provenance | | +| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | provenance | | +| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | provenance | | +| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | provenance | | +| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | provenance | | +| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | provenance | | +| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | provenance | | +| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | provenance | | +| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... 
)\\n } [y] | provenance | | +| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | provenance | | +| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | provenance | | +| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments | provenance | | +| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments | provenance | | +| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | | +| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | | +| passwords.js:142:26:142:34 | arguments | passwords.js:142:26:142:34 | [apply call taint node] | provenance | | +| passwords.js:142:26:142:34 | arguments [0] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | | +| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | | +| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | | +| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | provenance | | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | provenance | | +| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... 
d\\n } [x] | provenance | | +| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | provenance | | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments [0] | provenance | | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments [0] | provenance | | +| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | provenance | | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | provenance | | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | provenance | | +| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | provenance | | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments [0] | provenance | | +| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... 
g, "*") | provenance | | +| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | provenance | | +| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | provenance | | +| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | provenance | | +| passwords.js:182:14:182:21 | password | passwords.js:182:14:182:51 | passwor ... ), "*") | provenance | | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | provenance | | +| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | provenance | | +nodes +| passwords.js:2:17:2:24 | password | semmle.label | password | +| passwords.js:3:17:3:26 | o.password | semmle.label | o.password | +| passwords.js:4:17:4:29 | getPassword() | semmle.label | getPassword() | +| passwords.js:5:17:5:31 | o.getPassword() | semmle.label | o.getPassword() | +| passwords.js:7:20:7:20 | x | semmle.label | x | +| passwords.js:8:21:8:21 | x | semmle.label | x | +| passwords.js:10:11:10:18 | password | semmle.label | password | +| passwords.js:12:18:12:25 | password | semmle.label | password | +| passwords.js:14:17:14:38 | name + ... assword | semmle.label | name + ... assword | +| passwords.js:14:31:14:38 | password | semmle.label | password | +| passwords.js:16:17:16:38 | `${name ... sword}` | semmle.label | `${name ... sword}` | +| passwords.js:16:29:16:36 | password | semmle.label | password | +| passwords.js:18:9:20:5 | obj1 [password] | semmle.label | obj1 [password] | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | semmle.label | {\\n ... x\\n } [password] | +| passwords.js:19:19:19:19 | x | semmle.label | x | +| passwords.js:21:17:21:20 | obj1 | semmle.label | obj1 | +| passwords.js:23:9:25:5 | obj2 [x] | semmle.label | obj2 [x] | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... 
d\\n } [x] | +| passwords.js:24:12:24:19 | password | semmle.label | password | +| passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] | +| passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:78:17:78:38 | temp.en ... assword | semmle.label | temp.en ... assword | +| passwords.js:80:9:80:25 | secret | semmle.label | secret | +| passwords.js:80:18:80:25 | password | semmle.label | password | +| passwords.js:81:17:81:31 | `pw: ${secret}` | semmle.label | `pw: ${secret}` | +| passwords.js:81:24:81:29 | secret | semmle.label | secret | +| passwords.js:93:21:93:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:93:39:93:46 | password | semmle.label | password | +| passwords.js:98:21:98:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:98:39:98:46 | password | semmle.label | password | +| passwords.js:105:21:105:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:105:39:105:46 | password | semmle.label | password | +| passwords.js:110:21:110:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:110:39:110:46 | password | semmle.label | password | +| passwords.js:114:25:114:50 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:114:43:114:50 | password | semmle.label | password | +| passwords.js:119:21:119:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:119:39:119:46 | password | semmle.label | password | +| passwords.js:122:17:122:49 | name + ... tring() | semmle.label | name + ... 
tring() | +| passwords.js:122:31:122:38 | password | semmle.label | password | +| passwords.js:122:31:122:49 | password.toString() | semmle.label | password.toString() | +| passwords.js:123:17:123:48 | name + ... lueOf() | semmle.label | name + ... lueOf() | +| passwords.js:123:31:123:38 | password | semmle.label | password | +| passwords.js:123:31:123:48 | password.valueOf() | semmle.label | password.valueOf() | +| passwords.js:127:9:132:5 | config [password] | semmle.label | config [password] | +| passwords.js:127:9:132:5 | config [x] | semmle.label | config [x] | +| passwords.js:127:9:132:5 | config [y] | semmle.label | config [y] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | semmle.label | {\\n ... )\\n } [password] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | semmle.label | {\\n ... )\\n } [x] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | semmle.label | {\\n ... )\\n } [y] | +| passwords.js:128:19:128:19 | x | semmle.label | x | +| passwords.js:130:12:130:19 | password | semmle.label | password | +| passwords.js:131:12:131:24 | getPassword() | semmle.label | getPassword() | +| passwords.js:135:17:135:22 | config | semmle.label | config | +| passwords.js:136:17:136:22 | config [x] | semmle.label | config [x] | +| passwords.js:136:17:136:24 | config.x | semmle.label | config.x | +| passwords.js:137:17:137:22 | config [y] | semmle.label | config [y] | +| passwords.js:137:17:137:24 | config.y | semmle.label | config.y | +| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] | +| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] | +| passwords.js:142:26:142:34 | arguments | semmle.label | arguments | +| passwords.js:142:26:142:34 | arguments | semmle.label | arguments | +| passwords.js:142:26:142:34 | arguments [0] | semmle.label | arguments [0] | +| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] | 
+| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] | +| passwords.js:146:9:148:5 | config [x] | semmle.label | config [x] | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] | +| passwords.js:147:12:147:19 | password | semmle.label | password | +| passwords.js:149:21:149:26 | config [x] | semmle.label | config [x] | +| passwords.js:149:21:149:28 | config.x | semmle.label | config.x | +| passwords.js:150:21:150:31 | process.env | semmle.label | process.env | +| passwords.js:152:9:152:63 | procdesc | semmle.label | procdesc | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | semmle.label | Util.in ... ss.env) | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | semmle.label | Util.in ... /g, '') | +| passwords.js:152:33:152:43 | process.env | semmle.label | process.env | +| passwords.js:154:21:154:28 | procdesc | semmle.label | procdesc | +| passwords.js:156:17:156:27 | process.env | semmle.label | process.env | +| passwords.js:163:14:163:21 | password | semmle.label | password | +| passwords.js:163:14:163:41 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:164:14:164:21 | password | semmle.label | password | +| passwords.js:164:14:164:42 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:169:17:169:24 | password | semmle.label | password | +| passwords.js:169:17:169:45 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:170:11:170:18 | password | semmle.label | password | +| passwords.js:170:11:170:39 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:173:17:173:26 | myPassword | semmle.label | myPassword | +| passwords.js:176:17:176:26 | myPasscode | semmle.label | myPasscode | +| passwords.js:182:14:182:21 | password | semmle.label | password | +| passwords.js:182:14:182:51 | passwor ... ), "*") | semmle.label | passwor ... 
), "*") | +| passwords_in_browser1.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_browser2.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_1.js:6:13:6:20 | password | semmle.label | password | +| passwords_in_server_2.js:3:13:3:20 | password | semmle.label | password | +| passwords_in_server_3.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_4.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | semmle.label | req.query.password | +| passwords_in_server_5.js:7:12:7:12 | x | semmle.label | x | +| passwords_in_server_5.js:8:17:8:17 | x | semmle.label | x | +subpaths #select | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:2:17:2:24 | password | an access to password | | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | This logs sensitive data returned by $@ as clear text. | passwords.js:3:17:3:26 | o.password | an access to password | 
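Review bot: in the added edges, the rows leading from `config.x`, `process.env` and `procdesc` to `passwords.js:142:26:142:34 | arguments` with provenance `Config` each appear twice with identical text, and the added nodes list `[apply call taint node]`, `arguments` and `arguments [ArrayElement]` twice at that same location. Identical rows suggest that two distinct nodes print with the same location and label, so someone reading the path explanation cannot tell them apart. Please confirm the duplication is intended. If it is, consider giving the synthesized nodes at the `arguments` call distinct labels so the expected output stays readable.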
@@ -312,9 +186,8 @@ edges | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:12:18:12:25 | password | an access to password | | passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:14:31:14:38 | password | an access to password | | passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password | -| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:18:16:20:5 | {\\n ... x\\n } | an access to password | +| passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password | | passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password | -| passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password | | passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. 
| passwords.js:77:37:77:53 | req.body.password | an access to password | | passwords.js:81:17:81:31 | `pw: ${secret}` | passwords.js:80:18:80:25 | password | passwords.js:81:17:81:31 | `pw: ${secret}` | This logs sensitive data returned by $@ as clear text. | passwords.js:80:18:80:25 | password | an access to password | | passwords.js:93:21:93:46 | "Passwo ... assword | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:93:39:93:46 | password | an access to password | 
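Review bot: the replacement row for `passwords.js:21:17:21:20 | obj1` now reports `passwords.js:19:19:19:19 | x` as the source, but the alert text still describes that source as "an access to password", which no longer matches the node label `x` shown in the result. Please check that the source description is still meaningful when the source is the value stored into the property rather than the object literal, or adjust the description for this case. The removal of the `passwords.js:29:17:29:20 | obj3` row is consistent with the `// OK` annotation change in passwords.js. A short mention in the commit message that this false positive is gone would help later readers of the expected file.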
@@ -325,7 +198,7 @@ edges | passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:119:39:119:46 | password | an access to password | | passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | This logs sensitive data returned by $@ as clear text. | passwords.js:122:31:122:38 | password | an access to password | | passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | This logs sensitive data returned by $@ as clear text. | passwords.js:123:31:123:38 | password | an access to password | -| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:127:18:132:5 | {\\n ... )\\n } | an access to password | +| passwords.js:135:17:135:22 | config | passwords.js:128:19:128:19 | x | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:128:19:128:19 | x | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword | | passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | This logs sensitive data returned by $@ as clear text. 
| passwords.js:130:12:130:19 | password | an access to password | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected index 7016dbbffa8..e6a5f7f551e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected 
@@ -1,57 +1,26 @@ -nodes -| CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage.js:5:7:5:40 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:7:26:7:27 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | edges -| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... 
assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | tst-webstorage.js:4:29:4:41 | data.password | +| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | provenance | | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | provenance | | +| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | provenance | | +| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | provenance | | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | provenance | | +nodes +| CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | semmle.label | url.par ... 
assword | +| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | semmle.label | 'password=' + pw | +| CleartextStorage2.js:7:33:7:34 | pw | semmle.label | pw | +| CleartextStorage.js:5:7:5:40 | pw | semmle.label | pw | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | semmle.label | req.par ... sword") | +| CleartextStorage.js:7:26:7:27 | pw | semmle.label | pw | +| tst-angularjs.js:3:32:3:45 | data1.password | semmle.label | data1.password | +| tst-angularjs.js:4:33:4:46 | data2.password | semmle.label | data2.password | +| tst-angularjs.js:5:27:5:40 | data3.password | semmle.label | data3.password | +| tst-angularjs.js:6:33:6:46 | data4.password | semmle.label | data4.password | +| tst-webstorage.js:1:18:1:30 | data.password | semmle.label | data.password | +| tst-webstorage.js:2:27:2:39 | data.password | semmle.label | data.password | +| tst-webstorage.js:3:20:3:32 | data.password | semmle.label | data.password | +| tst-webstorage.js:4:29:4:41 | data.password | semmle.label | data.password | +subpaths #select | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password | | CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/passwords.js b/javascript/ql/test/query-tests/Security/CWE-312/passwords.js index d0b15257206..faecbfc0b68 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/passwords.js +++ b/javascript/ql/test/query-tests/Security/CWE-312/passwords.js 
@@ -26,7 +26,7 @@ console.log(obj2); // NOT OK var obj3 = {}; - console.log(obj3); // OK - but still flagged due to flow-insensitive field-analysis. [INCONSISTENCY] + console.log(obj3); // OK obj3.x = password; var fixed_password = "123"; diff --git a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected index 3b87a7ccd9c..0b9cb037451 100644 --- a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected +++ b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected 
@@ -1,30 +1,15 @@ -nodes -| tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | -| tst.js:3:18:3:24 | trusted | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | edges -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText | +| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | provenance | | +| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | provenance | | +| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | provenance | | +nodes +| tst.js:3:5:3:24 | secretText | semmle.label | secretText | +| tst.js:3:18:3:24 | trusted | semmle.label | trusted | +| tst.js:11:17:11:26 | secretText | semmle.label | secretText | +| tst.js:17:17:17:25 | o.trusted | semmle.label | o.trusted | +| tst.js:19:17:19:24 | password | semmle.label | password | +| tst.js:22:21:22:30 | secretText | semmle.label | secretText | +subpaths #select | tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | $@ depends on $@. 
| tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:3:18:3:24 | trusted | sensitive data from an access to trusted | | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | $@ depends on $@. | tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:11:17:11:26 | secretText | sensitive data from an access to secretText | diff --git a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected index a5a06eba7db..122cb1ac876 100644 --- a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected +++ b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected 
@@ -1,176 +1,93 @@ -nodes -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:19:9:19:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | -| tst.js:28:9:28:26 | pw | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:29:20:29:21 | pw | -| tst.js:29:20:29:21 | pw | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:71:9:71:48 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:47 | Math.ra ... 
9999999 | -| tst.js:72:9:72:48 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | -| tst.js:72:34:72:37 | rand | -| tst.js:72:34:72:48 | rand.toString() | -| tst.js:73:23:73:28 | concat | -| tst.js:73:23:73:28 | concat | -| tst.js:77:16:77:21 | secret | -| tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:62 | Math.ra ... 
000_000 | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:136:9:136:67 | password | -| tst.js:136:9:136:67 | password | -| tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:27:136:66 | Math.fl ... length) | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:65 | Math.ra ... .length | edges -| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() | -| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | 
tst.js:41:20:41:33 | !Math.random() | -| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | -| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | -| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... 
tring() | -| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 
00_000) | -| tst.js:120:16:120:28 | Math.random() | tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | tst.js:121:18:121:30 | Math.random() | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | -| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | +| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | Config | +| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | | +| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | Config | +| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | | +| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | Config | +| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | | +| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | | +| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | Config | +| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | Config | +| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | Config | +| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | | +| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | | +| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | Config | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 
999999) | provenance | Config | +| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | | +| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | provenance | | +| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | Config | +| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | Config | +| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | Config | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | Config | +| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | Config | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | Config | +| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | Config | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | Config | +| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | Config | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | Config | +| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | Config | +| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | Config | +| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | Config | +| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... 
length) | provenance | Config | +nodes +| tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() | +| tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() | +| tst.js:6:31:6:43 | Math.random() | semmle.label | Math.random() | +| tst.js:10:20:10:32 | Math.random() | semmle.label | Math.random() | +| tst.js:19:9:19:36 | suffix | semmle.label | suffix | +| tst.js:19:18:19:30 | Math.random() | semmle.label | Math.random() | +| tst.js:19:18:19:36 | Math.random() % 255 | semmle.label | Math.random() % 255 | +| tst.js:20:20:20:36 | "prefix" + suffix | semmle.label | "prefix" + suffix | +| tst.js:20:31:20:36 | suffix | semmle.label | suffix | +| tst.js:28:9:28:26 | pw | semmle.label | pw | +| tst.js:28:14:28:26 | Math.random() | semmle.label | Math.random() | +| tst.js:29:20:29:21 | pw | semmle.label | pw | +| tst.js:41:20:41:33 | !Math.random() | semmle.label | !Math.random() | +| tst.js:41:21:41:33 | Math.random() | semmle.label | Math.random() | +| tst.js:45:18:45:30 | Math.random() | semmle.label | Math.random() | +| tst.js:50:16:50:28 | Math.random() | semmle.label | Math.random() | +| tst.js:55:17:55:29 | Math.random() | semmle.label | Math.random() | +| tst.js:61:17:61:34 | '' + Math.random() | semmle.label | '' + Math.random() | +| tst.js:61:22:61:34 | Math.random() | semmle.label | Math.random() | +| tst.js:66:18:66:42 | Math.fl ... ndom()) | semmle.label | Math.fl ... ndom()) | +| tst.js:66:29:66:41 | Math.random() | semmle.label | Math.random() | +| tst.js:71:9:71:48 | rand | semmle.label | rand | +| tst.js:71:16:71:48 | Math.fl ... 999999) | semmle.label | Math.fl ... 999999) | +| tst.js:71:27:71:39 | Math.random() | semmle.label | Math.random() | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | semmle.label | Math.ra ... 9999999 | +| tst.js:72:9:72:48 | concat | semmle.label | concat | +| tst.js:72:18:72:48 | ts.toSt ... tring() | semmle.label | ts.toSt ... 
tring() | +| tst.js:72:34:72:37 | rand | semmle.label | rand | +| tst.js:72:34:72:48 | rand.toString() | semmle.label | rand.toString() | +| tst.js:73:23:73:28 | concat | semmle.label | concat | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:80:7:80:19 | Math.random() | semmle.label | Math.random() | +| tst.js:84:19:84:31 | Math.random() | semmle.label | Math.random() | +| tst.js:90:32:90:44 | Math.random() | semmle.label | Math.random() | +| tst.js:95:33:95:45 | Math.random() | semmle.label | Math.random() | +| tst.js:115:16:115:56 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:115:27:115:39 | Math.random() | semmle.label | Math.random() | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:116:22:116:62 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:116:33:116:45 | Math.random() | semmle.label | Math.random() | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:117:15:117:55 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:117:26:117:38 | Math.random() | semmle.label | Math.random() | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:118:23:118:63 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:118:34:118:46 | Math.random() | semmle.label | Math.random() | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:120:16:120:28 | Math.random() | semmle.label | Math.random() | +| tst.js:121:18:121:30 | Math.random() | semmle.label | Math.random() | +| tst.js:136:9:136:67 | password | semmle.label | password | +| tst.js:136:21:136:67 | chars[M ... ength)] | semmle.label | chars[M ... ength)] | +| tst.js:136:27:136:66 | Math.fl ... length) | semmle.label | Math.fl ... 
length) | +| tst.js:136:38:136:50 | Math.random() | semmle.label | Math.random() | +| tst.js:136:38:136:65 | Math.ra ... .length | semmle.label | Math.ra ... .length | +subpaths #select | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:2:20:2:32 | Math.random() | Math.random() | | tst.js:6:20:6:43 | "prefix ... andom() | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:6:31:6:43 | Math.random() | Math.random() | diff --git a/javascript/ql/test/query-tests/Security/CWE-338/foo.test.js b/javascript/ql/test/query-tests/Security/CWE-338/foo.test.js new file mode 100644 index 00000000000..9c898c649b4 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-338/foo.test.js @@ -0,0 +1,6 @@ +import { getRandom } from "./library1"; +import { doAuth } from "./library2"; + +function f() { + doAuth(getRandom()); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-338/library1.js b/javascript/ql/test/query-tests/Security/CWE-338/library1.js new file mode 100644 index 00000000000..727eaa1a5da --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-338/library1.js @@ -0,0 +1,3 @@ +export function getRandom() { + return Math.random(); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-338/library2.js b/javascript/ql/test/query-tests/Security/CWE-338/library2.js new file mode 100644 index 00000000000..08fa1695747 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-338/library2.js @@ -0,0 +1,3 @@ +export function doAuth(pw) { + var password = pw; +} 
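Review bot: The three new fixtures (foo.test.js, library1.js, library2.js) carry no comment saying which outcome they exercise. The nodes section added to the CWE-338 .expected file above lists only tst.js locations, so the `Math.random()` returned by `getRandom()` and passed through `doAuth(getRandom())` into `var password = pw` is apparently expected to produce no alert. Please state that next to the call in foo.test.js, together with the reason (for example that the only caller lives in a test file, if that is the intent), so a later change in the expected output can be judged against it. Separately, in the same .expected file the new nodes section lists `tst.js:77:16:77:21 | secret` twice and the edges section contains a self-edge on that location; worth confirming these are two distinct nodes sharing a location rather than a duplicate.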
diff --git a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected index 83e103f121b..fd0677de03d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected 
@@ -1,28 +1,15 @@ -nodes -| tst.js:12:9:12:54 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:28:12:34 | req.url | -| tst.js:12:28:12:34 | req.url | -| tst.js:13:50:13:55 | origin | -| tst.js:13:50:13:55 | origin | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | edges -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" | +| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | provenance | | +| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | provenance | | +| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | provenance | | +nodes +| tst.js:12:9:12:54 | origin | semmle.label | origin | +| tst.js:12:18:12:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| tst.js:12:28:12:34 | req.url | semmle.label | req.url | +| tst.js:13:50:13:55 | origin | semmle.label | origin | +| tst.js:18:50:18:53 | null | semmle.label | null | +| tst.js:23:50:23:55 | "null" | semmle.label | "null" | +subpaths #select | tst.js:13:50:13:55 | origin | tst.js:12:28:12:34 | req.url | tst.js:13:50:13:55 | origin | $@ leak vulnerability due to a $@. | tst.js:14:5:14:59 | res.set ... 
, true) | Credential | tst.js:12:28:12:34 | req.url | misconfigured CORS header value | | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | $@ leak vulnerability due to a $@. | tst.js:19:5:19:59 | res.set ... , true) | Credential | tst.js:18:50:18:53 | null | misconfigured CORS header value | diff --git a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected index 8952998dd9c..69dcd04037a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected +++ b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected 
@@ -1,50 +1,33 @@ -nodes -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | edges -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... 
)\\n ) | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... 
)}.md`) | +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | provenance | | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | provenance | | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | provenance | | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | provenance | | +nodes +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | semmle.label | path.jo ... 
)\\n ) | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:13:22:13:32 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | semmle.label | "/tmp/something" | +| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | semmle.label | path.jo ... )}.md`) | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | semmle.label | tmpPath2 | +subpaths #select | insecure-temporary-file.js:13:22:13:32 | tmpLocation | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:13:22:13:32 | tmpLocation | Insecure creation of file in $@. | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | the os temp dir | | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | Insecure creation of file in $@. | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | the os temp dir | 
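Review bot: The new edges drop the `insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir()` step, so the reported path now goes from `os.tmpdir()` at 8:21 straight to the `path.jo ...` call at 7:23. The two #select rows visible as context are unchanged, so the alerts survive, but the shortening deserves a line in the change description: the CORS .expected file shows the same effect, with the `.query` and `.origin` reads between `url.par ... , true)` and `origin` no longer appearing as path nodes. Anyone reading the path explanation in a result will see fewer intermediate steps than before, and the reason should be recorded.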
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected index 1b6796f21c4..5c3caed8152 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected @@ -1,8 +1,6 @@ nodes -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | +| tst.js:9:29:9:36 | req.body | semmle.label | req.body | edges -| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | +subpaths #select | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing $@ with $@. | tst.js:9:29:9:36 | req.body | user input | tst.js:4:21:4:35 | allErrors: true | allErrors: true | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected index f9504944160..83d8243c269 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected 
@@ -1,508 +1,585 @@ -nodes -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:22:9:22:9 | x | -| lib/lib.js:27:6:27:19 | y | -| lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:28:35:31 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:44:5:44:25 | name | -| lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | -| lib/snapdragon.js:3:34:3:38 | 
input | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:22:44:22:47 | node | -| lib/snapdragon.js:23:5:23:8 | node | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:8:2:8:8 | tainted | -| 
polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | -| 
polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| 
polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:121:7:121:55 | replaced | -| 
polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:140:2:140:10 | modified3 | -| polynomial-redos.js:140:2:140:10 | modified3 | -| polynomial-redos.js:141:2:141:10 | modified3 | -| polynomial-redos.js:141:2:141:10 | modified3 | -| polynomial-redos.js:142:2:142:10 | modified3 | -| polynomial-redos.js:142:2:142:10 | modified3 | edges -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 
| x | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:22:9:22:9 | x | lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:10:27:19 | id("safe") | lib/lib.js:27:6:27:19 | y | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:44:12:44:25 | 
name.substr(1) | lib/lib.js:44:5:44:25 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | -| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | -| 
lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | 
lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:5:16:5:32 | 
req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:132:18:132:50 | tainted ... 
g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:140:2:140:10 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:140:2:140:10 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:141:2:141:10 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:141:2:141:10 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:142:2:142:10 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:142:2:142:10 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | +| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | provenance | | +| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | provenance | | +| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | provenance | | +| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | provenance | | +| lib/lib.js:32:32:32:40 | [apply call taint node] | lib/lib.js:32:32:32:40 | arguments [ArrayElement] | provenance | | +| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:32:32:32:40 | [apply call taint node] | provenance | | +| lib/lib.js:32:32:32:40 | arguments [ArrayElement] | lib/lib.js:35:28:35:31 | name | provenance | | +| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | provenance | | +| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | 
name | provenance | | +| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | provenance | | +| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | provenance | | +| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | provenance | | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | provenance | | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | provenance | | +| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | provenance | | +| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | provenance | | +| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | provenance | | +| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | provenance | | +| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | provenance | | +| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | provenance | | +| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | provenance | | +| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | provenance | | +| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | provenance | | +| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | provenance | | +| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | provenance | | +| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | provenance | | +| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | provenance | | +| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | 
provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted 
| provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | 
polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted | provenance | | +| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | 
+| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | 
polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | 
polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| 
polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:82:2:82:8 | 
tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:91:2:91:8 | tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | 
provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:104:2:104:8 | tainted | polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | 
tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | provenance | | +| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | provenance | | +| polynomial-redos.js:121:18:121:55 | tainted ... 
/g, '') | polynomial-redos.js:121:7:121:55 | replaced | provenance | | +| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | provenance | | +| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | provenance | | +| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | provenance | | +| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:140:2:140:10 | modified3 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:141:2:141:10 | modified3 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:142:2:142:10 | modified3 | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... 
/g, "") | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | provenance | | +nodes +| lib/closure.js:3:21:3:21 | x | semmle.label | x | +| lib/closure.js:4:16:4:16 | x | semmle.label | x | +| lib/indirect.js:1:32:1:32 | x | semmle.label | x | +| lib/indirect.js:2:16:2:16 | x | semmle.label | x | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:14:4:17 | name | semmle.label | name | +| lib/lib.js:7:19:7:22 | name | semmle.label | name | +| lib/lib.js:8:13:8:16 | name | semmle.label | name | +| lib/lib.js:32:32:32:40 | [apply call taint node] | semmle.label | [apply call taint node] | +| lib/lib.js:32:32:32:40 | arguments | semmle.label | arguments | +| lib/lib.js:32:32:32:40 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] | +| lib/lib.js:35:28:35:31 | name | semmle.label | name | +| lib/lib.js:36:13:36:16 | name | semmle.label | name | +| lib/lib.js:41:32:41:35 | name | semmle.label | name | +| lib/lib.js:42:17:42:20 | name | semmle.label | name | +| lib/lib.js:44:5:44:25 | name | semmle.label | name | +| lib/lib.js:44:12:44:15 | name | semmle.label | name | +| lib/lib.js:44:12:44:25 | name.substr(1) | semmle.label | name.substr(1) | +| lib/lib.js:45:17:45:20 | name | semmle.label | name | +| lib/lib.js:52:22:52:25 | name | semmle.label | name | +| lib/lib.js:53:16:53:19 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:2:13:2:16 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:2:13:2:16 | name | semmle.label | name | +| lib/snapdragon.js:3:34:3:38 | input | semmle.label | input | +| lib/snapdragon.js:7:15:7:18 | this | semmle.label | this | +| lib/snapdragon.js:9:12:9:16 | input 
| semmle.label | input | +| lib/snapdragon.js:12:34:12:38 | input | semmle.label | input | +| lib/snapdragon.js:15:13:15:16 | this | semmle.label | this | +| lib/snapdragon.js:17:20:17:24 | input | semmle.label | input | +| lib/snapdragon.js:20:34:20:38 | input | semmle.label | input | +| lib/snapdragon.js:22:44:22:47 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:8 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:12 | node.val | semmle.label | node.val | +| lib/snapdragon.js:25:22:25:26 | input | semmle.label | input | +| lib/subLib4/factory.js:7:27:7:30 | name | semmle.label | name | +| lib/subLib4/factory.js:8:13:8:16 | name | semmle.label | name | +| lib/subLib5/feature.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/feature.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/main.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/main.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/subclass.js:4:10:4:13 | name | semmle.label | name | +| lib/subLib5/subclass.js:5:16:5:19 | name | semmle.label | name | +| lib/subLib6/index.js:1:32:1:35 | name | semmle.label | name | +| lib/subLib6/index.js:2:14:2:17 | name | semmle.label | name | +| lib/sublib/factory.js:12:26:12:29 | name | semmle.label | name | +| lib/sublib/factory.js:13:24:13:27 | name | semmle.label | name | +| polynomial-redos.js:5:6:5:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | semmle.label | req.query.tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:10:2:10:8 | tainted | semmle.label | tainted | +| 
polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:13:2:13:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:14:2:14:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:21:6:21:12 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:26:2:26:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:27:77:27:83 | tainted | semmle.label | tainted | +| polynomial-redos.js:28:76:28:82 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:31:2:31:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:32:2:32:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 
| tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:34:2:34:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:41:2:41:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:44:2:44:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:46:2:46:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:47:2:47:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | 
semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:60:17:60:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:61:18:61:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:68:18:68:24 | req.url | semmle.label | req.url | +| polynomial-redos.js:69:18:69:25 | req.body | semmle.label | req.body | +| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| 
polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:82:2:82:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:83:2:83:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:84:2:84:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:91:2:91:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:92:2:92:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted 
| semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:105:2:105:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 
| tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | semmle.label | (functi ... OK\\n\\t}) [tainted] | +| polynomial-redos.js:121:7:121:55 | replaced | semmle.label | replaced | +| polynomial-redos.js:121:18:121:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| polynomial-redos.js:123:3:123:20 | result | semmle.label | result | +| polynomial-redos.js:123:13:123:20 | replaced | semmle.label | replaced | +| polynomial-redos.js:124:12:124:17 | result | semmle.label | result | +| polynomial-redos.js:127:2:127:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:6:129:42 | modified | semmle.label | modified | +| polynomial-redos.js:129:17:129:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | semmle.label | tainted ... g, "b") | +| polynomial-redos.js:130:2:130:9 | modified | semmle.label | modified | +| polynomial-redos.js:132:6:132:50 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:132:18:132:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | semmle.label | tainted ... g, "e") | +| polynomial-redos.js:133:2:133:10 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:135:9:135:47 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:135:21:135:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | semmle.label | tainted ... 
/g, "") | +| polynomial-redos.js:136:5:136:13 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:138:5:138:11 | tainted | semmle.label | tainted | +| polynomial-redos.js:140:2:140:10 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:141:2:141:10 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:142:2:142:10 | modified3 | semmle.label | modified3 | +subpaths #select | lib/closure.js:4:5:4:17 | /u*o/.test(x) | lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'u'. | lib/closure.js:4:6:4:7 | u* | regular expression | lib/closure.js:3:21:3:21 | x | library input | | lib/indirect.js:2:5:2:17 | /k*h/.test(x) | lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'k'. | lib/indirect.js:2:6:2:7 | k* | regular expression | lib/indirect.js:1:32:1:32 | x | library input | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected index 7907cc41726..2f21ec2ca3d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected 
@@ -1,37 +1,35 @@ -nodes -| tst.js:8:6:8:52 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:9:8:9:11 | prop | -| tst.js:9:8:9:11 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:16:10:16:13 | prop | -| tst.js:16:10:16:13 | prop | -| tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:8:17:8:23 | userVal | edges -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | +| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | provenance | | +| tst.js:8:13:8:52 | myCoolL ... 
rolled) | tst.js:8:6:8:52 | prop | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | provenance | | +| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | provenance | | +| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | provenance | | +| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | provenance | | +| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | provenance | | +| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | provenance | | +| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | provenance | | +nodes +| tst.js:8:6:8:52 | prop | semmle.label | prop | +| tst.js:8:13:8:52 | myCoolL ... rolled) | semmle.label | myCoolL ... rolled) | +| tst.js:8:28:8:51 | req.que ... trolled | semmle.label | req.que ... trolled | +| tst.js:9:8:9:11 | prop | semmle.label | prop | +| tst.js:13:15:13:18 | prop | semmle.label | prop | +| tst.js:14:31:14:34 | prop | semmle.label | prop | +| tst.js:16:10:16:13 | prop | semmle.label | prop | +| tst.js:21:25:21:25 | x | semmle.label | x | +| tst.js:22:6:22:15 | result | semmle.label | result | +| tst.js:22:15:22:15 | x | semmle.label | x | +| tst.js:23:9:23:14 | result | semmle.label | result | +| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) | +| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal | +| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url | +| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal | +subpaths +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) | #select | tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... 
trolled | user-provided value | | tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-502/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-502/Consistency.ql index 8658a31e95b..6c43567b5c4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-502/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-502/Consistency.ql @@ -1,3 +1,3 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import utils.test.ConsistencyChecking +deprecated import utils.test.ConsistencyChecking diff --git a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected index 7abe0b7f559..dbd2e399114 100644 --- a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected 
@@ -1,37 +1,14 @@ -nodes -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | edges -| tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | tst.js:25:22:25:36 | req.params.data | +nodes +| tst.js:13:22:13:36 | req.params.data | semmle.label | req.params.data | +| tst.js:14:25:14:39 | req.params.data | semmle.label | req.params.data | +| tst.js:15:26:15:40 | req.params.data | semmle.label | req.params.data | +| tst.js:16:29:16:43 | req.params.data | semmle.label | req.params.data | +| 
tst.js:20:22:20:36 | req.params.data | semmle.label | req.params.data | +| tst.js:21:22:21:36 | req.params.data | semmle.label | req.params.data | +| tst.js:24:22:24:36 | req.params.data | semmle.label | req.params.data | +| tst.js:25:22:25:36 | req.params.data | semmle.label | req.params.data | +subpaths #select | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:13:22:13:36 | req.params.data | user-provided value | | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:14:25:14:39 | req.params.data | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected index 76c630812c5..bf0f97e28da 100644 --- a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected +++ b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected 
@@ -1,45 +1,46 @@ nodes -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... sString | -| tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:7:8:7:11 | test | -| tst.js:7:8:7:15 | test+"n" | -| tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | semmle.label | r | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream-orig.js:94:26:94:26 | r | semmle.label | r | +| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" | +| event-stream.js:5:12:5:12 | r | semmle.label | r | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream.js:6:10:6:41 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream.js:6:22:6:22 | r | semmle.label | r | +| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 
617461" | +| tst.js:1:5:1:88 | totallyHarmlessString | semmle.label | totallyHarmlessString | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | semmle.label | '636f6e ... 6e2729' | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | semmle.label | Buffer. ... 'hex') | +| tst.js:2:6:2:57 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| tst.js:2:18:2:38 | totally ... sString | semmle.label | totally ... sString | +| tst.js:5:5:5:23 | test | semmle.label | test | +| tst.js:5:12:5:23 | "0123456789" | semmle.label | "0123456789" | +| tst.js:7:8:7:11 | test | semmle.label | test | +| tst.js:7:8:7:15 | test+"n" | semmle.label | test+"n" | edges -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... 
sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | provenance | | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | provenance | Config | +| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | provenance | Config | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | provenance | | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | provenance | Config | +| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | provenance | | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... tring() | provenance | Config | +| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | provenance | Config | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | provenance | | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | provenance | Config | +| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | provenance | | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | provenance | | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | provenance | Config | +| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 
'hex') | provenance | Config | +| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | provenance | | +| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | provenance | | +| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | provenance | Config | +subpaths +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | event-stream.js:6:10:6:41 | Buffer. ... tring() | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | #select | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | Hard-coded data | | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | Hard-coded data | diff --git a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected index 659e49339d1..3ba33bc2625 100644 --- a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected 
@@ -1,355 +1,214 @@ -nodes -| adm-zip.js:13:13:13:21 | req.files | -| adm-zip.js:13:13:13:21 | req.files | -| adm-zip.js:13:13:13:33 | req.fil ... ombFile | -| adm-zip.js:17:18:17:24 | tarFile | -| adm-zip.js:24:22:24:28 | tarFile | -| adm-zip.js:24:22:24:33 | tarFile.data | -| adm-zip.js:28:25:28:42 | zipEntry.getData() | -| adm-zip.js:28:25:28:42 | zipEntry.getData() | -| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | -| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | -| adm-zip.js:34:5:34:55 | admZip. ... , true) | -| adm-zip.js:34:5:34:55 | admZip. ... , true) | -| adm-zip.js:36:5:36:38 | admZip. ... , true) | -| adm-zip.js:36:5:36:38 | admZip. ... , true) | -| decompress.js:11:16:11:33 | req.query.filePath | -| decompress.js:11:16:11:33 | req.query.filePath | -| decompress.js:11:16:11:33 | req.query.filePath | -| jszip.js:12:13:12:21 | req.files | -| jszip.js:12:13:12:21 | req.files | -| jszip.js:12:13:12:33 | req.fil ... ombFile | -| jszip.js:12:13:12:38 | req.fil ... le.data | -| jszip.js:32:18:32:24 | zipFile | -| jszip.js:33:22:33:28 | zipFile | -| jszip.js:33:22:33:33 | zipFile.data | -| jszip.js:33:22:33:33 | zipFile.data | -| node-tar.js:15:13:15:21 | req.files | -| node-tar.js:15:13:15:21 | req.files | -| node-tar.js:15:13:15:33 | req.fil ... ombFile | -| node-tar.js:15:13:15:38 | req.fil ... le.data | -| node-tar.js:19:18:19:24 | tarFile | -| node-tar.js:21:23:21:49 | Readabl ... e.data) | -| node-tar.js:21:37:21:43 | tarFile | -| node-tar.js:21:37:21:48 | tarFile.data | -| node-tar.js:24:9:24:15 | tar.x() | -| node-tar.js:24:9:24:15 | tar.x() | -| node-tar.js:29:5:29:37 | fs.crea ... e.name) | -| node-tar.js:29:25:29:31 | tarFile | -| node-tar.js:29:25:29:36 | tarFile.name | -| node-tar.js:30:9:33:10 | tar.x({ ... }) | -| node-tar.js:30:9:33:10 | tar.x({ ... }) | -| node-tar.js:45:5:45:37 | fs.crea ... 
e.name) | -| node-tar.js:45:25:45:31 | tarFile | -| node-tar.js:45:25:45:36 | tarFile.name | -| node-tar.js:46:9:46:20 | decompressor | -| node-tar.js:48:9:50:10 | tar.x({ ... }) | -| node-tar.js:48:9:50:10 | tar.x({ ... }) | -| node-tar.js:58:19:58:25 | tarFile | -| node-tar.js:58:19:58:30 | tarFile.name | -| node-tar.js:58:19:58:30 | tarFile.name | -| node-tar.js:59:25:59:31 | tarFile | -| node-tar.js:59:25:59:36 | tarFile.name | -| node-tar.js:59:25:59:36 | tarFile.name | -| pako.js:12:14:12:22 | req.files | -| pako.js:12:14:12:22 | req.files | -| pako.js:12:14:12:34 | req.fil ... ombFile | -| pako.js:12:14:12:39 | req.fil ... le.data | -| pako.js:13:14:13:22 | req.files | -| pako.js:13:14:13:22 | req.files | -| pako.js:13:14:13:34 | req.fil ... ombFile | -| pako.js:13:14:13:39 | req.fil ... le.data | -| pako.js:17:19:17:25 | zipFile | -| pako.js:18:11:18:68 | myArray | -| pako.js:18:21:18:68 | Buffer. ... uffer)) | -| pako.js:18:33:18:67 | new Uin ... buffer) | -| pako.js:18:48:18:54 | zipFile | -| pako.js:18:48:18:59 | zipFile.data | -| pako.js:18:48:18:66 | zipFile.data.buffer | -| pako.js:21:31:21:37 | myArray | -| pako.js:21:31:21:37 | myArray | -| pako.js:28:19:28:25 | zipFile | -| pako.js:29:11:29:62 | myArray | -| pako.js:29:21:29:55 | new Uin ... buffer) | -| pako.js:29:21:29:62 | new Uin ... .buffer | -| pako.js:29:36:29:42 | zipFile | -| pako.js:29:36:29:47 | zipFile.data | -| pako.js:29:36:29:54 | zipFile.data.buffer | -| pako.js:32:31:32:37 | myArray | -| pako.js:32:31:32:37 | myArray | -| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | -| unbzip2.js:12:25:12:42 | req.query.FilePath | -| unbzip2.js:12:25:12:42 | req.query.FilePath | -| unbzip2.js:12:50:12:54 | bz2() | -| unbzip2.js:12:50:12:54 | bz2() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | -| unzipper.js:13:40:13:48 | req.files | -| unzipper.js:13:40:13:48 | req.files | -| unzipper.js:13:40:13:56 | req.files.ZipFile | -| unzipper.js:13:40:13:61 | req.fil ... 
le.data | -| unzipper.js:16:23:16:63 | unzippe ... ath' }) | -| unzipper.js:16:23:16:63 | unzippe ... ath' }) | -| unzipper.js:19:23:19:41 | unzipper.ParseOne() | -| unzipper.js:19:23:19:41 | unzipper.ParseOne() | -| unzipper.js:24:15:24:30 | unzipper.Parse() | -| unzipper.js:24:15:24:30 | unzipper.Parse() | -| unzipper.js:34:15:34:30 | unzipper.Parse() | -| unzipper.js:34:15:34:30 | unzipper.Parse() | -| unzipper.js:41:35:41:71 | unzippe ... true }) | -| unzipper.js:41:35:41:71 | unzippe ... true }) | -| unzipper.js:51:36:51:72 | unzippe ... true }) | -| unzipper.js:51:36:51:72 | unzippe ... true }) | -| unzipper.js:60:23:60:38 | unzipper.Parse() | -| unzipper.js:60:23:60:38 | unzipper.Parse() | -| unzipper.js:73:23:73:38 | unzipper.Parse() | -| unzipper.js:73:23:73:38 | unzipper.Parse() | -| yauzl.js:12:18:12:26 | req.files | -| yauzl.js:12:18:12:26 | req.files | -| yauzl.js:12:18:12:34 | req.files.zipFile | -| yauzl.js:12:18:12:39 | req.fil ... le.data | -| yauzl.js:12:18:12:39 | req.fil ... le.data | -| yauzl.js:13:22:13:30 | req.files | -| yauzl.js:13:22:13:30 | req.files | -| yauzl.js:13:22:13:38 | req.files.zipFile | -| yauzl.js:13:22:13:43 | req.fil ... le.data | -| yauzl.js:13:22:13:43 | req.fil ... le.data | -| yauzl.js:14:34:14:42 | req.files | -| yauzl.js:14:34:14:42 | req.files | -| yauzl.js:14:34:14:50 | req.files.zipFile | -| yauzl.js:14:34:14:55 | req.fil ... le.data | -| yauzl.js:14:34:14:55 | req.fil ... le.data | -| yauzl.js:37:16:37:33 | req.query.filePath | -| yauzl.js:37:16:37:33 | req.query.filePath | -| yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:41:64:41:73 | readStream | -| yauzl.js:41:64:41:73 | readStream | -| yauzl.js:43:21:43:39 | zipfile.readEntry() | -| yauzl.js:43:21:43:39 | zipfile.readEntry() | -| zlib.js:15:19:15:27 | req.files | -| zlib.js:15:19:15:27 | req.files | -| zlib.js:15:19:15:39 | req.fil ... ombFile | -| zlib.js:15:19:15:44 | req.fil ... 
le.data | -| zlib.js:17:18:17:26 | req.files | -| zlib.js:17:18:17:26 | req.files | -| zlib.js:17:18:17:38 | req.fil ... ombFile | -| zlib.js:17:18:17:43 | req.fil ... le.data | -| zlib.js:19:24:19:32 | req.files | -| zlib.js:19:24:19:32 | req.files | -| zlib.js:19:24:19:44 | req.fil ... ombFile | -| zlib.js:19:24:19:49 | req.fil ... le.data | -| zlib.js:21:32:21:40 | req.files | -| zlib.js:21:32:21:40 | req.files | -| zlib.js:21:32:21:52 | req.fil ... ombFile | -| zlib.js:21:32:21:57 | req.fil ... le.data | -| zlib.js:27:24:27:30 | zipFile | -| zlib.js:29:9:29:15 | zipFile | -| zlib.js:29:9:29:20 | zipFile.data | -| zlib.js:29:9:29:20 | zipFile.data | -| zlib.js:33:9:33:15 | zipFile | -| zlib.js:33:9:33:20 | zipFile.data | -| zlib.js:33:9:33:20 | zipFile.data | -| zlib.js:38:9:38:15 | zipFile | -| zlib.js:38:9:38:20 | zipFile.data | -| zlib.js:38:9:38:20 | zipFile.data | -| zlib.js:62:23:62:29 | zipFile | -| zlib.js:63:21:63:27 | zipFile | -| zlib.js:63:21:63:32 | zipFile.data | -| zlib.js:63:21:63:32 | zipFile.data | -| zlib.js:64:20:64:26 | zipFile | -| zlib.js:64:20:64:31 | zipFile.data | -| zlib.js:64:20:64:31 | zipFile.data | -| zlib.js:65:31:65:37 | zipFile | -| zlib.js:65:31:65:42 | zipFile.data | -| zlib.js:65:31:65:42 | zipFile.data | -| zlib.js:74:29:74:35 | zipFile | -| zlib.js:75:25:75:51 | Readabl ... e.data) | -| zlib.js:75:39:75:45 | zipFile | -| zlib.js:75:39:75:50 | zipFile.data | -| zlib.js:77:22:77:40 | zlib.createGunzip() | -| zlib.js:77:22:77:40 | zlib.createGunzip() | -| zlib.js:78:22:78:39 | zlib.createUnzip() | -| zlib.js:78:22:78:39 | zlib.createUnzip() | -| zlib.js:79:22:79:50 | zlib.cr ... press() | -| zlib.js:79:22:79:50 | zlib.cr ... press() | -| zlib.js:82:43:82:49 | zipFile | -| zlib.js:83:11:83:51 | inputStream | -| zlib.js:83:25:83:51 | Readabl ... 
e.data) | -| zlib.js:83:39:83:45 | zipFile | -| zlib.js:83:39:83:50 | zipFile.data | -| zlib.js:86:9:86:19 | inputStream | -| zlib.js:87:9:87:27 | zlib.createGunzip() | -| zlib.js:87:9:87:27 | zlib.createGunzip() | edges -| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile | -| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile | -| adm-zip.js:13:13:13:33 | req.fil ... ombFile | adm-zip.js:17:18:17:24 | tarFile | -| adm-zip.js:17:18:17:24 | tarFile | adm-zip.js:24:22:24:28 | tarFile | -| adm-zip.js:24:22:24:28 | tarFile | adm-zip.js:24:22:24:33 | tarFile.data | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) | -| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) | -| decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath | -| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile | -| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile | -| jszip.js:12:13:12:33 | req.fil ... ombFile | jszip.js:12:13:12:38 | req.fil ... le.data | -| jszip.js:12:13:12:38 | req.fil ... 
le.data | jszip.js:32:18:32:24 | zipFile | -| jszip.js:32:18:32:24 | zipFile | jszip.js:33:22:33:28 | zipFile | -| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data | -| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data | -| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile | -| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile | -| node-tar.js:15:13:15:33 | req.fil ... ombFile | node-tar.js:15:13:15:38 | req.fil ... le.data | -| node-tar.js:15:13:15:38 | req.fil ... le.data | node-tar.js:19:18:19:24 | tarFile | -| node-tar.js:19:18:19:24 | tarFile | node-tar.js:21:37:21:43 | tarFile | -| node-tar.js:19:18:19:24 | tarFile | node-tar.js:29:25:29:31 | tarFile | -| node-tar.js:19:18:19:24 | tarFile | node-tar.js:45:25:45:31 | tarFile | -| node-tar.js:19:18:19:24 | tarFile | node-tar.js:58:19:58:25 | tarFile | -| node-tar.js:19:18:19:24 | tarFile | node-tar.js:59:25:59:31 | tarFile | -| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() | -| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() | -| node-tar.js:21:37:21:43 | tarFile | node-tar.js:21:37:21:48 | tarFile.data | -| node-tar.js:21:37:21:48 | tarFile.data | node-tar.js:21:23:21:49 | Readabl ... e.data) | -| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) | -| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) | -| node-tar.js:29:25:29:31 | tarFile | node-tar.js:29:25:29:36 | tarFile.name | -| node-tar.js:29:25:29:36 | tarFile.name | node-tar.js:29:5:29:37 | fs.crea ... e.name) | -| node-tar.js:45:5:45:37 | fs.crea ... e.name) | node-tar.js:46:9:46:20 | decompressor | -| node-tar.js:45:25:45:31 | tarFile | node-tar.js:45:25:45:36 | tarFile.name | -| node-tar.js:45:25:45:36 | tarFile.name | node-tar.js:45:5:45:37 | fs.crea ... 
e.name) | -| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) | -| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) | -| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name | -| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name | -| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name | -| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name | -| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile | -| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile | -| pako.js:12:14:12:34 | req.fil ... ombFile | pako.js:12:14:12:39 | req.fil ... le.data | -| pako.js:12:14:12:39 | req.fil ... le.data | pako.js:17:19:17:25 | zipFile | -| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile | -| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile | -| pako.js:13:14:13:34 | req.fil ... ombFile | pako.js:13:14:13:39 | req.fil ... le.data | -| pako.js:13:14:13:39 | req.fil ... le.data | pako.js:28:19:28:25 | zipFile | -| pako.js:17:19:17:25 | zipFile | pako.js:18:48:18:54 | zipFile | -| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray | -| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray | -| pako.js:18:21:18:68 | Buffer. ... uffer)) | pako.js:18:11:18:68 | myArray | -| pako.js:18:33:18:67 | new Uin ... buffer) | pako.js:18:21:18:68 | Buffer. ... uffer)) | -| pako.js:18:48:18:54 | zipFile | pako.js:18:48:18:59 | zipFile.data | -| pako.js:18:48:18:59 | zipFile.data | pako.js:18:48:18:66 | zipFile.data.buffer | -| pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... 
buffer) | -| pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile | -| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | -| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | -| pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:21:29:62 | new Uin ... .buffer | -| pako.js:29:21:29:62 | new Uin ... .buffer | pako.js:29:11:29:62 | myArray | -| pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:47 | zipFile.data | -| pako.js:29:36:29:47 | zipFile.data | pako.js:29:36:29:54 | zipFile.data.buffer | -| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) | -| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | -| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | -| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | -| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... 
true }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() | -| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() | -| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile | -| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile | -| unzipper.js:13:40:13:56 | req.files.ZipFile | unzipper.js:13:40:13:61 | req.fil ... le.data | -| unzipper.js:13:40:13:61 | req.fil ... le.data | unzipper.js:13:26:13:62 | Readabl ... e.data) | -| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile | -| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile | -| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data | -| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data | -| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile | -| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile | -| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data | -| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data | -| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile | -| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile | -| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... le.data | -| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... 
le.data | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | -| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | -| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile | -| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile | -| zlib.js:15:19:15:39 | req.fil ... ombFile | zlib.js:15:19:15:44 | req.fil ... le.data | -| zlib.js:15:19:15:44 | req.fil ... le.data | zlib.js:27:24:27:30 | zipFile | -| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile | -| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile | -| zlib.js:17:18:17:38 | req.fil ... ombFile | zlib.js:17:18:17:43 | req.fil ... le.data | -| zlib.js:17:18:17:43 | req.fil ... le.data | zlib.js:62:23:62:29 | zipFile | -| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile | -| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile | -| zlib.js:19:24:19:44 | req.fil ... ombFile | zlib.js:19:24:19:49 | req.fil ... 
le.data | -| zlib.js:19:24:19:49 | req.fil ... le.data | zlib.js:74:29:74:35 | zipFile | -| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile | -| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile | -| zlib.js:21:32:21:52 | req.fil ... ombFile | zlib.js:21:32:21:57 | req.fil ... le.data | -| zlib.js:21:32:21:57 | req.fil ... le.data | zlib.js:82:43:82:49 | zipFile | -| zlib.js:27:24:27:30 | zipFile | zlib.js:29:9:29:15 | zipFile | -| zlib.js:27:24:27:30 | zipFile | zlib.js:33:9:33:15 | zipFile | -| zlib.js:27:24:27:30 | zipFile | zlib.js:38:9:38:15 | zipFile | -| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data | -| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data | -| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data | -| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data | -| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data | -| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data | -| zlib.js:62:23:62:29 | zipFile | zlib.js:63:21:63:27 | zipFile | -| zlib.js:62:23:62:29 | zipFile | zlib.js:64:20:64:26 | zipFile | -| zlib.js:62:23:62:29 | zipFile | zlib.js:65:31:65:37 | zipFile | -| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data | -| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data | -| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data | -| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data | -| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data | -| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data | -| zlib.js:74:29:74:35 | zipFile | zlib.js:75:39:75:45 | zipFile | -| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() | -| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() | -| zlib.js:75:25:75:51 | Readabl ... 
e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() | -| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() | -| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() | -| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() | -| zlib.js:75:39:75:45 | zipFile | zlib.js:75:39:75:50 | zipFile.data | -| zlib.js:75:39:75:50 | zipFile.data | zlib.js:75:25:75:51 | Readabl ... e.data) | -| zlib.js:82:43:82:49 | zipFile | zlib.js:83:39:83:45 | zipFile | -| zlib.js:83:11:83:51 | inputStream | zlib.js:86:9:86:19 | inputStream | -| zlib.js:83:25:83:51 | Readabl ... e.data) | zlib.js:83:11:83:51 | inputStream | -| zlib.js:83:39:83:45 | zipFile | zlib.js:83:39:83:50 | zipFile.data | -| zlib.js:83:39:83:50 | zipFile.data | zlib.js:83:25:83:51 | Readabl ... e.data) | -| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() | -| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() | +| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile | provenance | | +| adm-zip.js:13:13:13:33 | req.fil ... ombFile | adm-zip.js:17:18:17:24 | tarFile | provenance | | +| adm-zip.js:17:18:17:24 | tarFile | adm-zip.js:24:22:24:28 | tarFile | provenance | | +| adm-zip.js:24:22:24:28 | tarFile | adm-zip.js:24:22:24:33 | tarFile.data | provenance | | +| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() | provenance | Config | +| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | provenance | Config | +| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) | provenance | Config | +| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) | provenance | Config | +| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:38 | req.fil ... le.data | provenance | | +| jszip.js:12:13:12:38 | req.fil ... 
le.data | jszip.js:32:18:32:24 | zipFile | provenance | | +| jszip.js:32:18:32:24 | zipFile | jszip.js:33:22:33:28 | zipFile | provenance | | +| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data | provenance | | +| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:38 | req.fil ... le.data | provenance | | +| node-tar.js:15:13:15:38 | req.fil ... le.data | node-tar.js:19:18:19:24 | tarFile | provenance | | +| node-tar.js:19:18:19:24 | tarFile | node-tar.js:21:37:21:43 | tarFile | provenance | | +| node-tar.js:19:18:19:24 | tarFile | node-tar.js:29:25:29:31 | tarFile | provenance | | +| node-tar.js:19:18:19:24 | tarFile | node-tar.js:45:25:45:31 | tarFile | provenance | | +| node-tar.js:19:18:19:24 | tarFile | node-tar.js:58:19:58:25 | tarFile | provenance | | +| node-tar.js:19:18:19:24 | tarFile | node-tar.js:59:25:59:31 | tarFile | provenance | | +| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() | provenance | Config | +| node-tar.js:21:37:21:43 | tarFile | node-tar.js:21:37:21:48 | tarFile.data | provenance | | +| node-tar.js:21:37:21:48 | tarFile.data | node-tar.js:21:23:21:49 | Readabl ... e.data) | provenance | Config | +| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) | provenance | Config | +| node-tar.js:29:25:29:31 | tarFile | node-tar.js:29:25:29:36 | tarFile.name | provenance | | +| node-tar.js:29:25:29:36 | tarFile.name | node-tar.js:29:5:29:37 | fs.crea ... e.name) | provenance | Config | +| node-tar.js:45:5:45:37 | fs.crea ... e.name) | node-tar.js:46:9:46:20 | decompressor | provenance | Config | +| node-tar.js:45:25:45:31 | tarFile | node-tar.js:45:25:45:36 | tarFile.name | provenance | | +| node-tar.js:45:25:45:36 | tarFile.name | node-tar.js:45:5:45:37 | fs.crea ... e.name) | provenance | Config | +| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... 
}) | provenance | Config | +| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name | provenance | | +| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name | provenance | | +| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:39 | req.fil ... le.data | provenance | | +| pako.js:12:14:12:39 | req.fil ... le.data | pako.js:17:19:17:25 | zipFile | provenance | | +| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:39 | req.fil ... le.data | provenance | | +| pako.js:13:14:13:39 | req.fil ... le.data | pako.js:28:19:28:25 | zipFile | provenance | | +| pako.js:17:19:17:25 | zipFile | pako.js:18:48:18:54 | zipFile | provenance | | +| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray | provenance | | +| pako.js:18:21:18:68 | Buffer. ... uffer)) | pako.js:18:11:18:68 | myArray | provenance | | +| pako.js:18:33:18:67 | new Uin ... buffer) | pako.js:18:21:18:68 | Buffer. ... uffer)) | provenance | | +| pako.js:18:48:18:54 | zipFile | pako.js:18:48:18:66 | zipFile.data.buffer | provenance | | +| pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) | provenance | Config | +| pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile | provenance | | +| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | provenance | | +| pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:11:29:62 | myArray | provenance | | +| pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:54 | zipFile.data.buffer | provenance | | +| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) | provenance | Config | +| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | provenance | Config | +| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... 
ath' }) | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() | provenance | Config | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() | provenance | Config | +| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:61 | req.fil ... le.data | provenance | | +| unzipper.js:13:40:13:61 | req.fil ... le.data | unzipper.js:13:26:13:62 | Readabl ... e.data) | provenance | Config | +| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:39 | req.fil ... le.data | provenance | | +| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:43 | req.fil ... le.data | provenance | | +| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:55 | req.fil ... le.data | provenance | | +| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | provenance | Config | +| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | provenance | Config | +| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | provenance | Config | +| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:44 | req.fil ... le.data | provenance | | +| zlib.js:15:19:15:44 | req.fil ... le.data | zlib.js:27:24:27:30 | zipFile | provenance | | +| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:43 | req.fil ... 
le.data | provenance | | +| zlib.js:17:18:17:43 | req.fil ... le.data | zlib.js:62:23:62:29 | zipFile | provenance | | +| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:49 | req.fil ... le.data | provenance | | +| zlib.js:19:24:19:49 | req.fil ... le.data | zlib.js:74:29:74:35 | zipFile | provenance | | +| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:57 | req.fil ... le.data | provenance | | +| zlib.js:21:32:21:57 | req.fil ... le.data | zlib.js:82:43:82:49 | zipFile | provenance | | +| zlib.js:27:24:27:30 | zipFile | zlib.js:29:9:29:15 | zipFile | provenance | | +| zlib.js:27:24:27:30 | zipFile | zlib.js:33:9:33:15 | zipFile | provenance | | +| zlib.js:27:24:27:30 | zipFile | zlib.js:38:9:38:15 | zipFile | provenance | | +| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data | provenance | | +| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data | provenance | | +| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data | provenance | | +| zlib.js:62:23:62:29 | zipFile | zlib.js:63:21:63:27 | zipFile | provenance | | +| zlib.js:62:23:62:29 | zipFile | zlib.js:64:20:64:26 | zipFile | provenance | | +| zlib.js:62:23:62:29 | zipFile | zlib.js:65:31:65:37 | zipFile | provenance | | +| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data | provenance | | +| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data | provenance | | +| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data | provenance | | +| zlib.js:74:29:74:35 | zipFile | zlib.js:75:39:75:45 | zipFile | provenance | | +| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() | provenance | Config | +| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() | provenance | Config | +| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... 
press() | provenance | Config | +| zlib.js:75:39:75:45 | zipFile | zlib.js:75:39:75:50 | zipFile.data | provenance | | +| zlib.js:75:39:75:50 | zipFile.data | zlib.js:75:25:75:51 | Readabl ... e.data) | provenance | Config | +| zlib.js:82:43:82:49 | zipFile | zlib.js:83:39:83:45 | zipFile | provenance | | +| zlib.js:83:11:83:51 | inputStream | zlib.js:86:9:86:19 | inputStream | provenance | | +| zlib.js:83:25:83:51 | Readabl ... e.data) | zlib.js:83:11:83:51 | inputStream | provenance | | +| zlib.js:83:39:83:45 | zipFile | zlib.js:83:39:83:50 | zipFile.data | provenance | | +| zlib.js:83:39:83:50 | zipFile.data | zlib.js:83:25:83:51 | Readabl ... e.data) | provenance | Config | +| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() | provenance | Config | +nodes +| adm-zip.js:13:13:13:21 | req.files | semmle.label | req.files | +| adm-zip.js:13:13:13:33 | req.fil ... ombFile | semmle.label | req.fil ... ombFile | +| adm-zip.js:17:18:17:24 | tarFile | semmle.label | tarFile | +| adm-zip.js:24:22:24:28 | tarFile | semmle.label | tarFile | +| adm-zip.js:24:22:24:33 | tarFile.data | semmle.label | tarFile.data | +| adm-zip.js:28:25:28:42 | zipEntry.getData() | semmle.label | zipEntry.getData() | +| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | semmle.label | admZip. ... "10GB") | +| adm-zip.js:34:5:34:55 | admZip. ... , true) | semmle.label | admZip. ... , true) | +| adm-zip.js:36:5:36:38 | admZip. ... , true) | semmle.label | admZip. ... , true) | +| decompress.js:11:16:11:33 | req.query.filePath | semmle.label | req.query.filePath | +| jszip.js:12:13:12:21 | req.files | semmle.label | req.files | +| jszip.js:12:13:12:38 | req.fil ... le.data | semmle.label | req.fil ... 
le.data | +| jszip.js:32:18:32:24 | zipFile | semmle.label | zipFile | +| jszip.js:33:22:33:28 | zipFile | semmle.label | zipFile | +| jszip.js:33:22:33:33 | zipFile.data | semmle.label | zipFile.data | +| node-tar.js:15:13:15:21 | req.files | semmle.label | req.files | +| node-tar.js:15:13:15:38 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| node-tar.js:19:18:19:24 | tarFile | semmle.label | tarFile | +| node-tar.js:21:23:21:49 | Readabl ... e.data) | semmle.label | Readabl ... e.data) | +| node-tar.js:21:37:21:43 | tarFile | semmle.label | tarFile | +| node-tar.js:21:37:21:48 | tarFile.data | semmle.label | tarFile.data | +| node-tar.js:24:9:24:15 | tar.x() | semmle.label | tar.x() | +| node-tar.js:29:5:29:37 | fs.crea ... e.name) | semmle.label | fs.crea ... e.name) | +| node-tar.js:29:25:29:31 | tarFile | semmle.label | tarFile | +| node-tar.js:29:25:29:36 | tarFile.name | semmle.label | tarFile.name | +| node-tar.js:30:9:33:10 | tar.x({ ... }) | semmle.label | tar.x({ ... }) | +| node-tar.js:45:5:45:37 | fs.crea ... e.name) | semmle.label | fs.crea ... e.name) | +| node-tar.js:45:25:45:31 | tarFile | semmle.label | tarFile | +| node-tar.js:45:25:45:36 | tarFile.name | semmle.label | tarFile.name | +| node-tar.js:46:9:46:20 | decompressor | semmle.label | decompressor | +| node-tar.js:48:9:50:10 | tar.x({ ... }) | semmle.label | tar.x({ ... }) | +| node-tar.js:58:19:58:25 | tarFile | semmle.label | tarFile | +| node-tar.js:58:19:58:30 | tarFile.name | semmle.label | tarFile.name | +| node-tar.js:59:25:59:31 | tarFile | semmle.label | tarFile | +| node-tar.js:59:25:59:36 | tarFile.name | semmle.label | tarFile.name | +| pako.js:12:14:12:22 | req.files | semmle.label | req.files | +| pako.js:12:14:12:39 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| pako.js:13:14:13:22 | req.files | semmle.label | req.files | +| pako.js:13:14:13:39 | req.fil ... le.data | semmle.label | req.fil ... 
le.data | +| pako.js:17:19:17:25 | zipFile | semmle.label | zipFile | +| pako.js:18:11:18:68 | myArray | semmle.label | myArray | +| pako.js:18:21:18:68 | Buffer. ... uffer)) | semmle.label | Buffer. ... uffer)) | +| pako.js:18:33:18:67 | new Uin ... buffer) | semmle.label | new Uin ... buffer) | +| pako.js:18:48:18:54 | zipFile | semmle.label | zipFile | +| pako.js:18:48:18:66 | zipFile.data.buffer | semmle.label | zipFile.data.buffer | +| pako.js:21:31:21:37 | myArray | semmle.label | myArray | +| pako.js:28:19:28:25 | zipFile | semmle.label | zipFile | +| pako.js:29:11:29:62 | myArray | semmle.label | myArray | +| pako.js:29:21:29:55 | new Uin ... buffer) | semmle.label | new Uin ... buffer) | +| pako.js:29:36:29:42 | zipFile | semmle.label | zipFile | +| pako.js:29:36:29:54 | zipFile.data.buffer | semmle.label | zipFile.data.buffer | +| pako.js:32:31:32:37 | myArray | semmle.label | myArray | +| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | semmle.label | fs.crea ... lePath) | +| unbzip2.js:12:25:12:42 | req.query.FilePath | semmle.label | req.query.FilePath | +| unbzip2.js:12:50:12:54 | bz2() | semmle.label | bz2() | +| unzipper.js:13:26:13:62 | Readabl ... e.data) | semmle.label | Readabl ... e.data) | +| unzipper.js:13:40:13:48 | req.files | semmle.label | req.files | +| unzipper.js:13:40:13:61 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| unzipper.js:16:23:16:63 | unzippe ... ath' }) | semmle.label | unzippe ... ath' }) | +| unzipper.js:19:23:19:41 | unzipper.ParseOne() | semmle.label | unzipper.ParseOne() | +| unzipper.js:24:15:24:30 | unzipper.Parse() | semmle.label | unzipper.Parse() | +| unzipper.js:34:15:34:30 | unzipper.Parse() | semmle.label | unzipper.Parse() | +| unzipper.js:41:35:41:71 | unzippe ... true }) | semmle.label | unzippe ... true }) | +| unzipper.js:51:36:51:72 | unzippe ... true }) | semmle.label | unzippe ... 
true }) | +| unzipper.js:60:23:60:38 | unzipper.Parse() | semmle.label | unzipper.Parse() | +| unzipper.js:73:23:73:38 | unzipper.Parse() | semmle.label | unzipper.Parse() | +| yauzl.js:12:18:12:26 | req.files | semmle.label | req.files | +| yauzl.js:12:18:12:39 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| yauzl.js:13:22:13:30 | req.files | semmle.label | req.files | +| yauzl.js:13:22:13:43 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| yauzl.js:14:34:14:42 | req.files | semmle.label | req.files | +| yauzl.js:14:34:14:55 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| yauzl.js:37:16:37:33 | req.query.filePath | semmle.label | req.query.filePath | +| yauzl.js:39:9:39:27 | zipfile.readEntry() | semmle.label | zipfile.readEntry() | +| yauzl.js:41:64:41:73 | readStream | semmle.label | readStream | +| yauzl.js:43:21:43:39 | zipfile.readEntry() | semmle.label | zipfile.readEntry() | +| zlib.js:15:19:15:27 | req.files | semmle.label | req.files | +| zlib.js:15:19:15:44 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| zlib.js:17:18:17:26 | req.files | semmle.label | req.files | +| zlib.js:17:18:17:43 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| zlib.js:19:24:19:32 | req.files | semmle.label | req.files | +| zlib.js:19:24:19:49 | req.fil ... le.data | semmle.label | req.fil ... le.data | +| zlib.js:21:32:21:40 | req.files | semmle.label | req.files | +| zlib.js:21:32:21:57 | req.fil ... le.data | semmle.label | req.fil ... 
le.data | +| zlib.js:27:24:27:30 | zipFile | semmle.label | zipFile | +| zlib.js:29:9:29:15 | zipFile | semmle.label | zipFile | +| zlib.js:29:9:29:20 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:33:9:33:15 | zipFile | semmle.label | zipFile | +| zlib.js:33:9:33:20 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:38:9:38:15 | zipFile | semmle.label | zipFile | +| zlib.js:38:9:38:20 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:62:23:62:29 | zipFile | semmle.label | zipFile | +| zlib.js:63:21:63:27 | zipFile | semmle.label | zipFile | +| zlib.js:63:21:63:32 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:64:20:64:26 | zipFile | semmle.label | zipFile | +| zlib.js:64:20:64:31 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:65:31:65:37 | zipFile | semmle.label | zipFile | +| zlib.js:65:31:65:42 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:74:29:74:35 | zipFile | semmle.label | zipFile | +| zlib.js:75:25:75:51 | Readabl ... e.data) | semmle.label | Readabl ... e.data) | +| zlib.js:75:39:75:45 | zipFile | semmle.label | zipFile | +| zlib.js:75:39:75:50 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:77:22:77:40 | zlib.createGunzip() | semmle.label | zlib.createGunzip() | +| zlib.js:78:22:78:39 | zlib.createUnzip() | semmle.label | zlib.createUnzip() | +| zlib.js:79:22:79:50 | zlib.cr ... press() | semmle.label | zlib.cr ... press() | +| zlib.js:82:43:82:49 | zipFile | semmle.label | zipFile | +| zlib.js:83:11:83:51 | inputStream | semmle.label | inputStream | +| zlib.js:83:25:83:51 | Readabl ... e.data) | semmle.label | Readabl ... 
e.data) | +| zlib.js:83:39:83:45 | zipFile | semmle.label | zipFile | +| zlib.js:83:39:83:50 | zipFile.data | semmle.label | zipFile.data | +| zlib.js:86:9:86:19 | inputStream | semmle.label | inputStream | +| zlib.js:87:9:87:27 | zlib.createGunzip() | semmle.label | zlib.createGunzip() | +subpaths #select | adm-zip.js:28:25:28:42 | zipEntry.getData() | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:28:25:28:42 | zipEntry.getData() | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source | | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source | diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected index 20114c9aa53..e59b65d34b0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected 
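Review bot: in the decompression expected-output hunk that ends at `#select` just above the `ClientSideUrlRedirect.expected` header, the new `edges` table has no `decompress.js` row, although the removed table carried the self-edge `decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath` and the node is still listed under `nodes`. That is consistent with a node that is both source and sink, but the only `#select` rows visible as context are the `adm-zip.js` ones, so please confirm the `decompress.js` alert is still among the unchanged `#select` rows. The same check applies to the intermediate nodes that disappear from `nodes` (for example `jszip.js:12:13:12:33` and `pako.js:29:21:29:62`): the change should only collapse path steps, not drop a reported result.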
@@ -1,442 +1,349 @@ nodes -| electron.js:4:12:4:22 | window.name | -| electron.js:4:12:4:22 | window.name | -| electron.js:7:20:7:29 | getTaint() | -| electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:50 | documen ... 
bstr(1) | -| sanitizer.js:2:9:2:25 | url | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:37:27:37:29 | url | -| sanitizer.js:37:27:37:29 | url | -| tst2.js:2:7:2:33 | href | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:4:21:4:24 | href | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:17:5:46 | '/' + d ... 
.search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst12.js:3:9:3:50 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:4:9:4:45 | loc | -| tst12.js:4:15:4:22 | urlParts | -| tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:5:23:5:25 | loc | -| tst12.js:5:23:5:25 | loc | -| tst13.js:2:9:2:52 | payload | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:52 | documen ... 
bstr(1) | -| tst13.js:4:15:4:21 | payload | -| tst13.js:4:15:4:21 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:49:32:49:32 | e | -| tst13.js:49:32:49:32 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:61:18:61:24 | payload | -| tst13.js:61:18:61:24 | payload | -| tst13.js:65:9:65:49 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:67:21:67:27 | payload | -| tst13.js:67:21:67:27 | payload | -| tst13.js:72:9:72:49 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:74:21:74:27 | payload | -| tst13.js:74:21:74:27 | payload | -| tst13.js:78:9:78:48 | url | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:48 | documen ... 
bstr(1) | -| tst13.js:80:21:80:23 | url | -| tst13.js:80:21:80:23 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:83:22:83:24 | url | -| tst13.js:83:22:83:24 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:59 | indirec ... 
ref)[1] | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:26:22:26:79 | new Reg ... n.href) | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | -| tst.js:26:62:26:78 | win.location.href | -| typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:5:25:5:30 | params | -| typed.ts:7:24:7:34 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:28:24:28:34 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:51:24:51:34 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | semmle.label | window.name | +| electron.js:7:20:7:29 | getTaint() | semmle.label | getTaint() | +| react.js:10:60:10:81 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:10:60:10:91 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:23:19:23:40 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:23:19:23:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:31:43:31:64 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:31:43:31:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:37:43:37:64 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| react.js:37:43:37:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:43:19:43:40 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:43:19:43:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| regexp-exec.js:4:11:4:20 | [, group1] | semmle.label | [, group1] | +| regexp-exec.js:4:11:4:57 | group1 | semmle.label | group1 | +| regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | semmle.label | /#(.*)/ ... n.href) | +| regexp-exec.js:4:37:4:56 | window.location.href | semmle.label | window.location.href | +| regexp-exec.js:5:28:5:33 | group1 | semmle.label | group1 | +| regexp-exec.js:9:11:9:20 | [, group1] | semmle.label | [, group1] | +| regexp-exec.js:9:11:9:58 | group1 | semmle.label | group1 | +| regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | semmle.label | /\\?(.*) ... n.href) | +| regexp-exec.js:9:38:9:57 | window.location.href | semmle.label | window.location.href | +| regexp-exec.js:10:28:10:33 | group1 | semmle.label | group1 | +| regexp-exec.js:29:11:29:20 | [, group1] | semmle.label | [, group1] | +| regexp-exec.js:29:11:29:58 | group1 | semmle.label | group1 | +| regexp-exec.js:29:24:29:43 | window.location.href | semmle.label | window.location.href | +| regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | semmle.label | window. ... #(.*)/) | +| regexp-exec.js:30:28:30:33 | group1 | semmle.label | group1 | +| regexp-exec.js:34:11:34:20 | [, group1] | semmle.label | [, group1] | +| regexp-exec.js:34:11:34:64 | group1 | semmle.label | group1 | +| regexp-exec.js:34:24:34:43 | window.location.href | semmle.label | window.location.href | +| regexp-exec.js:34:24:34:61 | window. ... #(.*)/) | semmle.label | window. ... #(.*)/) | +| regexp-exec.js:35:28:35:33 | group1 | semmle.label | group1 | +| regexp-exec.js:39:11:39:20 | [, group1] | semmle.label | [, group1] | +| regexp-exec.js:39:11:39:71 | group1 | semmle.label | group1 | +| regexp-exec.js:39:24:39:71 | new Reg ... 
n.href) | semmle.label | new Reg ... n.href) | +| regexp-exec.js:39:51:39:70 | window.location.href | semmle.label | window.location.href | +| regexp-exec.js:40:28:40:33 | group1 | semmle.label | group1 | +| sanitizer.js:2:9:2:25 | url | semmle.label | url | +| sanitizer.js:2:15:2:25 | window.name | semmle.label | window.name | +| sanitizer.js:4:27:4:29 | url | semmle.label | url | +| sanitizer.js:16:27:16:29 | url | semmle.label | url | +| sanitizer.js:19:27:19:29 | url | semmle.label | url | +| sanitizer.js:22:27:22:29 | url | semmle.label | url | +| sanitizer.js:25:27:25:29 | url | semmle.label | url | +| sanitizer.js:28:27:28:29 | url | semmle.label | url | +| sanitizer.js:31:27:31:29 | url | semmle.label | url | +| sanitizer.js:37:27:37:29 | url | semmle.label | url | +| tst2.js:2:7:2:33 | href | semmle.label | href | +| tst2.js:2:14:2:33 | window.location.href | semmle.label | window.location.href | +| tst2.js:4:21:4:24 | href | semmle.label | href | +| tst2.js:4:21:4:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) | +| tst6.js:2:7:2:45 | redirect | semmle.label | redirect | +| tst6.js:2:18:2:45 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:4:21:4:28 | redirect | semmle.label | redirect | +| tst6.js:6:17:6:24 | redirect | semmle.label | redirect | +| tst6.js:8:21:8:48 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:8:21:8:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" | +| tst7.js:2:12:2:35 | documen ... .search | semmle.label | documen ... .search | +| tst7.js:2:12:2:48 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst7.js:5:27:5:50 | documen ... .search | semmle.label | documen ... .search | +| tst7.js:5:27:5:63 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst9.js:2:21:2:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst9.js:2:21:2:55 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| tst10.js:5:17:5:59 | '/' + d ... ring(1) | semmle.label | '/' + d ... ring(1) | +| tst10.js:5:23:5:46 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:5:23:5:59 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst10.js:8:17:8:60 | '//' + ... ring(1) | semmle.label | '//' + ... ring(1) | +| tst10.js:8:24:8:47 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:8:24:8:60 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst10.js:11:17:11:63 | '//foo' ... ring(1) | semmle.label | '//foo' ... ring(1) | +| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:11:27:11:63 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst10.js:14:17:14:69 | 'https: ... ring(1) | semmle.label | 'https: ... ring(1) | +| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:14:33:14:69 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst13.js:2:9:2:52 | payload | semmle.label | payload | +| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... 
bstr(1) | +| tst13.js:4:15:4:21 | payload | semmle.label | payload | +| tst13.js:8:21:8:27 | payload | semmle.label | payload | +| tst13.js:12:14:12:20 | payload | semmle.label | payload | +| tst13.js:16:17:16:23 | payload | semmle.label | payload | +| tst13.js:20:14:20:20 | payload | semmle.label | payload | +| tst13.js:24:14:24:20 | payload | semmle.label | payload | +| tst13.js:28:21:28:27 | payload | semmle.label | payload | +| tst13.js:32:17:32:23 | payload | semmle.label | payload | +| tst13.js:36:21:36:27 | payload | semmle.label | payload | +| tst13.js:40:15:40:21 | payload | semmle.label | payload | +| tst13.js:44:14:44:20 | payload | semmle.label | payload | +| tst13.js:49:32:49:32 | e | semmle.label | e | +| tst13.js:50:23:50:23 | e | semmle.label | e | +| tst13.js:52:34:52:34 | e | semmle.label | e | +| tst13.js:53:28:53:28 | e | semmle.label | e | +| tst13.js:59:9:59:52 | payload | semmle.label | payload | +| tst13.js:59:19:59:42 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:59:19:59:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:61:18:61:24 | payload | semmle.label | payload | +| tst13.js:65:9:65:49 | payload | semmle.label | payload | +| tst13.js:65:19:65:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:65:19:65:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:67:21:67:27 | payload | semmle.label | payload | +| tst13.js:72:9:72:49 | payload | semmle.label | payload | +| tst13.js:72:19:72:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:72:19:72:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:74:21:74:27 | payload | semmle.label | payload | +| tst13.js:78:9:78:48 | url | semmle.label | url | +| tst13.js:78:15:78:38 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:78:15:78:48 | documen ... bstr(1) | semmle.label | documen ... 
bstr(1) | +| tst13.js:80:21:80:23 | url | semmle.label | url | +| tst13.js:81:28:81:30 | url | semmle.label | url | +| tst13.js:82:27:82:29 | url | semmle.label | url | +| tst13.js:83:22:83:24 | url | semmle.label | url | +| tst15.js:2:9:2:42 | url | semmle.label | url | +| tst15.js:2:15:2:31 | document.location | semmle.label | document.location | +| tst15.js:2:15:2:42 | documen ... tring() | semmle.label | documen ... tring() | +| tst15.js:3:23:3:25 | url | semmle.label | url | +| tst15.js:3:23:3:38 | url.substring(0) | semmle.label | url.substring(0) | +| tst15.js:3:23:3:51 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) | +| tst15.js:4:23:4:25 | url | semmle.label | url | +| tst15.js:4:23:4:42 | url.substring(0, 10) | semmle.label | url.substring(0, 10) | +| tst15.js:4:23:4:55 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) | +| tst15.js:5:23:5:25 | url | semmle.label | url | +| tst15.js:5:23:5:60 | url.sub ... ', 10)) | semmle.label | url.sub ... ', 10)) | +| tst15.js:5:23:5:73 | url.sub ... ring(1) | semmle.label | url.sub ... ring(1) | +| tst15.js:7:9:7:43 | url2 | semmle.label | url2 | +| tst15.js:7:16:7:32 | document.location | semmle.label | document.location | +| tst15.js:7:16:7:43 | documen ... tring() | semmle.label | documen ... tring() | +| tst15.js:8:23:8:26 | url2 | semmle.label | url2 | +| tst15.js:8:23:8:39 | url2.substring(0) | semmle.label | url2.substring(0) | +| tst15.js:8:23:8:60 | url2.su ... nown()) | semmle.label | url2.su ... nown()) | +| tst15.js:9:23:9:26 | url2 | semmle.label | url2 | +| tst15.js:9:23:9:43 | url2.su ... (0, 10) | semmle.label | url2.su ... (0, 10) | +| tst15.js:9:23:9:64 | url2.su ... nown()) | semmle.label | url2.su ... nown()) | +| tst15.js:10:23:10:26 | url2 | semmle.label | url2 | +| tst15.js:10:23:10:62 | url2.su ... ', 10)) | semmle.label | url2.su ... ', 10)) | +| tst15.js:10:23:10:83 | url2.su ... nown()) | semmle.label | url2.su ... 
nown()) | +| tst15.js:12:9:12:52 | search | semmle.label | search | +| tst15.js:12:18:12:41 | documen ... .search | semmle.label | documen ... .search | +| tst15.js:12:18:12:52 | documen ... tring() | semmle.label | documen ... tring() | +| tst15.js:13:23:13:28 | search | semmle.label | search | +| tst15.js:13:23:13:41 | search.substring(0) | semmle.label | search.substring(0) | +| tst15.js:13:23:13:54 | search. ... ring(1) | semmle.label | search. ... ring(1) | +| tst15.js:14:23:14:28 | search | semmle.label | search | +| tst15.js:14:23:14:45 | search. ... (0, 10) | semmle.label | search. ... (0, 10) | +| tst15.js:14:23:14:58 | search. ... ring(1) | semmle.label | search. ... ring(1) | +| tst15.js:15:23:15:28 | search | semmle.label | search | +| tst15.js:15:23:15:66 | search. ... ', 10)) | semmle.label | search. ... ', 10)) | +| tst15.js:15:23:15:79 | search. ... ring(1) | semmle.label | search. ... ring(1) | +| tst.js:2:19:2:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) | +| tst.js:2:19:2:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] | +| tst.js:2:47:2:68 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:6:20:6:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:6:20:6:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:6:34:6:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:10:19:10:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:10:19:10:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:10:59:10:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:14:20:14:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:14:20:14:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:14:34:14:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:18:19:18:81 | new Reg ... n.href) | semmle.label | new Reg ... 
n.href) | +| tst.js:18:19:18:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:18:59:18:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:22:20:22:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:22:20:22:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:22:34:22:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href | +| typed.ts:4:13:4:49 | params | semmle.label | params | +| typed.ts:4:22:4:36 | location.search | semmle.label | location.search | +| typed.ts:4:22:4:49 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| typed.ts:5:25:5:30 | params | semmle.label | params | +| typed.ts:7:24:7:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:8:33:8:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:25:25:25:34 | loc.search | semmle.label | loc.search | +| typed.ts:25:25:25:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) | +| typed.ts:28:24:28:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:29:33:29:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:47:25:47:34 | loc.search | semmle.label | loc.search | +| typed.ts:47:25:47:47 | loc.sea ... ring(1) | semmle.label | loc.sea ... ring(1) | +| typed.ts:48:26:48:36 | loc2.search | semmle.label | loc2.search | +| typed.ts:48:26:48:49 | loc2.se ... ring(1) | semmle.label | loc2.se ... 
ring(1) | +| typed.ts:51:24:51:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:52:33:52:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri | +| typed.ts:56:33:56:43 | redirectUri | semmle.label | redirectUri | edges -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... 
bstr(1) | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | -| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... 
'?')+1) | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... 
.search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:15:4:22 | urlParts | tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:4:15:4:45 | urlPart ... 
s.value | tst12.js:4:9:4:45 | loc | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:52 | documen ... 
bstr(1) | tst13.js:2:9:2:52 | payload | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:72:19:72:49 | history ... 
bstr(1) | tst13.js:72:9:72:49 | payload | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... 
ref)[1] | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:26:22:26:79 | new Reg ... 
n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | -| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | provenance | | +| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:91 | documen ... bstr(1) | provenance | Config | +| react.js:23:19:23:40 | documen ... on.hash | react.js:23:19:23:50 | documen ... 
bstr(1) | provenance | Config | +| react.js:31:43:31:64 | documen ... on.hash | react.js:31:43:31:74 | documen ... bstr(1) | provenance | Config | +| react.js:37:43:37:64 | documen ... on.hash | react.js:37:43:37:74 | documen ... bstr(1) | provenance | Config | +| react.js:43:19:43:40 | documen ... on.hash | react.js:43:19:43:50 | documen ... bstr(1) | provenance | Config | +| regexp-exec.js:4:11:4:20 | [, group1] | regexp-exec.js:4:11:4:57 | group1 | provenance | | +| regexp-exec.js:4:11:4:57 | group1 | regexp-exec.js:5:28:5:33 | group1 | provenance | | +| regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | regexp-exec.js:4:11:4:20 | [, group1] | provenance | | +| regexp-exec.js:4:37:4:56 | window.location.href | regexp-exec.js:4:24:4:57 | /#(.*)/ ... n.href) | provenance | Config | +| regexp-exec.js:9:11:9:20 | [, group1] | regexp-exec.js:9:11:9:58 | group1 | provenance | | +| regexp-exec.js:9:11:9:58 | group1 | regexp-exec.js:10:28:10:33 | group1 | provenance | | +| regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | regexp-exec.js:9:11:9:20 | [, group1] | provenance | | +| regexp-exec.js:9:38:9:57 | window.location.href | regexp-exec.js:9:24:9:58 | /\\?(.*) ... n.href) | provenance | Config | +| regexp-exec.js:29:11:29:20 | [, group1] | regexp-exec.js:29:11:29:58 | group1 | provenance | | +| regexp-exec.js:29:11:29:58 | group1 | regexp-exec.js:30:28:30:33 | group1 | provenance | | +| regexp-exec.js:29:24:29:43 | window.location.href | regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | provenance | Config | +| regexp-exec.js:29:24:29:58 | window. ... #(.*)/) | regexp-exec.js:29:11:29:20 | [, group1] | provenance | | +| regexp-exec.js:34:11:34:20 | [, group1] | regexp-exec.js:34:11:34:64 | group1 | provenance | | +| regexp-exec.js:34:11:34:64 | group1 | regexp-exec.js:35:28:35:33 | group1 | provenance | | +| regexp-exec.js:34:24:34:43 | window.location.href | regexp-exec.js:34:24:34:61 | window. ... 
#(.*)/) | provenance | Config | +| regexp-exec.js:34:24:34:61 | window. ... #(.*)/) | regexp-exec.js:34:11:34:20 | [, group1] | provenance | | +| regexp-exec.js:39:11:39:20 | [, group1] | regexp-exec.js:39:11:39:71 | group1 | provenance | | +| regexp-exec.js:39:11:39:71 | group1 | regexp-exec.js:40:28:40:33 | group1 | provenance | | +| regexp-exec.js:39:24:39:71 | new Reg ... n.href) | regexp-exec.js:39:11:39:20 | [, group1] | provenance | | +| regexp-exec.js:39:51:39:70 | window.location.href | regexp-exec.js:39:24:39:71 | new Reg ... n.href) | provenance | Config | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | provenance | | +| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | provenance | | +| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | provenance | | +| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | provenance | | +| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | provenance | Config | +| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | provenance | | +| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | provenance | | +| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | provenance | | +| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | provenance | | +| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... 
ring(1) | provenance | Config | +| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | provenance | Config | +| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | provenance | Config | +| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:23:5:59 | documen ... ring(1) | provenance | Config | +| tst10.js:5:23:5:59 | documen ... ring(1) | tst10.js:5:17:5:59 | '/' + d ... ring(1) | provenance | | +| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:24:8:60 | documen ... ring(1) | provenance | Config | +| tst10.js:8:24:8:60 | documen ... ring(1) | tst10.js:8:17:8:60 | '//' + ... ring(1) | provenance | | +| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:27:11:63 | documen ... ring(1) | provenance | Config | +| tst10.js:11:27:11:63 | documen ... ring(1) | tst10.js:11:17:11:63 | '//foo' ... ring(1) | provenance | | +| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:33:14:69 | documen ... ring(1) | provenance | Config | +| tst10.js:14:33:14:69 | documen ... ring(1) | tst10.js:14:17:14:69 | 'https: ... 
ring(1) | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | provenance | | +| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | provenance | Config | +| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | provenance | | +| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | provenance | | +| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | provenance | | +| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | provenance | | +| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | provenance | Config | +| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | provenance | | +| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | provenance | | +| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | provenance | | +| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | provenance | | +| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | provenance | | +| tst13.js:72:19:72:39 | history ... 
on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | provenance | | +| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | provenance | | +| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | provenance | Config | +| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | provenance | | +| tst15.js:2:9:2:42 | url | tst15.js:3:23:3:25 | url | provenance | | +| tst15.js:2:9:2:42 | url | tst15.js:4:23:4:25 | url | provenance | | +| tst15.js:2:9:2:42 | url | tst15.js:5:23:5:25 | url | provenance | | +| tst15.js:2:15:2:31 | document.location | tst15.js:2:15:2:42 | documen ... tring() | provenance | | +| tst15.js:2:15:2:42 | documen ... tring() | tst15.js:2:9:2:42 | url | provenance | | +| tst15.js:3:23:3:25 | url | tst15.js:3:23:3:38 | url.substring(0) | provenance | | +| tst15.js:3:23:3:38 | url.substring(0) | tst15.js:3:23:3:51 | url.sub ... ring(1) | provenance | Config | +| tst15.js:4:23:4:25 | url | tst15.js:4:23:4:42 | url.substring(0, 10) | provenance | | +| tst15.js:4:23:4:42 | url.substring(0, 10) | tst15.js:4:23:4:55 | url.sub ... ring(1) | provenance | Config | +| tst15.js:5:23:5:25 | url | tst15.js:5:23:5:60 | url.sub ... ', 10)) | provenance | | +| tst15.js:5:23:5:60 | url.sub ... ', 10)) | tst15.js:5:23:5:73 | url.sub ... ring(1) | provenance | Config | +| tst15.js:7:9:7:43 | url2 | tst15.js:8:23:8:26 | url2 | provenance | | +| tst15.js:7:9:7:43 | url2 | tst15.js:9:23:9:26 | url2 | provenance | | +| tst15.js:7:9:7:43 | url2 | tst15.js:10:23:10:26 | url2 | provenance | | +| tst15.js:7:16:7:32 | document.location | tst15.js:7:16:7:43 | documen ... 
tring() | provenance | | +| tst15.js:7:16:7:43 | documen ... tring() | tst15.js:7:9:7:43 | url2 | provenance | | +| tst15.js:8:23:8:26 | url2 | tst15.js:8:23:8:39 | url2.substring(0) | provenance | | +| tst15.js:8:23:8:39 | url2.substring(0) | tst15.js:8:23:8:60 | url2.su ... nown()) | provenance | Config | +| tst15.js:9:23:9:26 | url2 | tst15.js:9:23:9:43 | url2.su ... (0, 10) | provenance | | +| tst15.js:9:23:9:43 | url2.su ... (0, 10) | tst15.js:9:23:9:64 | url2.su ... nown()) | provenance | Config | +| tst15.js:10:23:10:26 | url2 | tst15.js:10:23:10:62 | url2.su ... ', 10)) | provenance | | +| tst15.js:10:23:10:62 | url2.su ... ', 10)) | tst15.js:10:23:10:83 | url2.su ... nown()) | provenance | Config | +| tst15.js:12:9:12:52 | search | tst15.js:13:23:13:28 | search | provenance | | +| tst15.js:12:9:12:52 | search | tst15.js:14:23:14:28 | search | provenance | | +| tst15.js:12:9:12:52 | search | tst15.js:15:23:15:28 | search | provenance | | +| tst15.js:12:18:12:41 | documen ... .search | tst15.js:12:18:12:52 | documen ... tring() | provenance | | +| tst15.js:12:18:12:52 | documen ... tring() | tst15.js:12:9:12:52 | search | provenance | | +| tst15.js:13:23:13:28 | search | tst15.js:13:23:13:41 | search.substring(0) | provenance | | +| tst15.js:13:23:13:41 | search.substring(0) | tst15.js:13:23:13:54 | search. ... ring(1) | provenance | Config | +| tst15.js:14:23:14:28 | search | tst15.js:14:23:14:45 | search. ... (0, 10) | provenance | | +| tst15.js:14:23:14:45 | search. ... (0, 10) | tst15.js:14:23:14:58 | search. ... ring(1) | provenance | Config | +| tst15.js:15:23:15:28 | search | tst15.js:15:23:15:66 | search. ... ', 10)) | provenance | | +| tst15.js:15:23:15:66 | search. ... ', 10)) | tst15.js:15:23:15:79 | search. ... ring(1) | provenance | Config | +| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | provenance | | +| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... 
n.href) | provenance | Config | +| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | provenance | | +| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | provenance | Config | +| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | provenance | | +| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | provenance | Config | +| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | provenance | | +| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | provenance | Config | +| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | provenance | | +| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | provenance | Config | +| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | provenance | | +| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config | +| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | | +| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config | +| typed.ts:4:13:4:49 | params | typed.ts:5:25:5:30 | params | provenance | | +| typed.ts:4:22:4:36 | location.search | typed.ts:4:22:4:49 | locatio ... ring(1) | provenance | Config | +| typed.ts:4:22:4:49 | locatio ... ring(1) | typed.ts:4:13:4:49 | params | provenance | | +| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | provenance | | +| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | provenance | | +| typed.ts:25:25:25:34 | loc.search | typed.ts:25:25:25:47 | loc.sea ... ring(1) | provenance | Config | +| typed.ts:25:25:25:47 | loc.sea ... 
ring(1) | typed.ts:28:24:28:34 | redirectUri | provenance | | +| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | provenance | | +| typed.ts:47:25:47:34 | loc.search | typed.ts:47:25:47:47 | loc.sea ... ring(1) | provenance | Config | +| typed.ts:47:25:47:47 | loc.sea ... ring(1) | typed.ts:51:24:51:34 | redirectUri | provenance | | +| typed.ts:48:26:48:36 | loc2.search | typed.ts:48:26:48:49 | loc2.se ... ring(1) | provenance | Config | +| typed.ts:48:26:48:49 | loc2.se ... ring(1) | typed.ts:55:25:55:35 | redirectUri | provenance | | +| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | provenance | | +| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | provenance | | +subpaths #select | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value | -| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value | -| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:21:24:21:45 | documen ... on.hash | user-provided value | -| react.js:28:43:28:74 | documen ... bstr(1) | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:28:43:28:64 | documen ... on.hash | user-provided value | -| react.js:34:43:34:74 | documen ... bstr(1) | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:34:43:34:64 | documen ... 
on.hash | user-provided value | -| react.js:40:19:40:50 | documen ... bstr(1) | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:40:19:40:40 | documen ... on.hash | user-provided value | +| react.js:10:60:10:91 | documen ... bstr(1) | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:91 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value | +| react.js:23:19:23:50 | documen ... bstr(1) | react.js:23:19:23:40 | documen ... on.hash | react.js:23:19:23:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:23:19:23:40 | documen ... on.hash | user-provided value | +| react.js:31:43:31:74 | documen ... bstr(1) | react.js:31:43:31:64 | documen ... on.hash | react.js:31:43:31:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:31:43:31:64 | documen ... on.hash | user-provided value | +| react.js:37:43:37:74 | documen ... bstr(1) | react.js:37:43:37:64 | documen ... on.hash | react.js:37:43:37:74 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:37:43:37:64 | documen ... on.hash | user-provided value | +| react.js:43:19:43:50 | documen ... bstr(1) | react.js:43:19:43:40 | documen ... on.hash | react.js:43:19:43:50 | documen ... bstr(1) | Untrusted URL redirection depends on a $@. | react.js:43:19:43:40 | documen ... on.hash | user-provided value | +| regexp-exec.js:5:28:5:33 | group1 | regexp-exec.js:4:37:4:56 | window.location.href | regexp-exec.js:5:28:5:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:4:37:4:56 | window.location.href | user-provided value | +| regexp-exec.js:10:28:10:33 | group1 | regexp-exec.js:9:38:9:57 | window.location.href | regexp-exec.js:10:28:10:33 | group1 | Untrusted URL redirection depends on a $@. 
| regexp-exec.js:9:38:9:57 | window.location.href | user-provided value | +| regexp-exec.js:30:28:30:33 | group1 | regexp-exec.js:29:24:29:43 | window.location.href | regexp-exec.js:30:28:30:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:29:24:29:43 | window.location.href | user-provided value | +| regexp-exec.js:35:28:35:33 | group1 | regexp-exec.js:34:24:34:43 | window.location.href | regexp-exec.js:35:28:35:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:34:24:34:43 | window.location.href | user-provided value | +| regexp-exec.js:40:28:40:33 | group1 | regexp-exec.js:39:51:39:70 | window.location.href | regexp-exec.js:40:28:40:33 | group1 | Untrusted URL redirection depends on a $@. | regexp-exec.js:39:51:39:70 | window.location.href | user-provided value | | sanitizer.js:4:27:4:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:4:27:4:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:16:27:16:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:16:27:16:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:19:27:19:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:19:27:19:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | 
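Review bot: the `#select` rows for react.js no longer include a case where the raw `document.location.hash` is itself the sink. The removed rows `react.js:10:60:10:81` and `react.js:21:24:21:45` had source equal to sink, and every added react.js row ends in `bstr(1)`. If the raw-hash case is now intentionally not reported, keep one such line in react.js with a comment saying so, so the expected output pins that decision instead of dropping it silently. Separately, in the edges section the `history ... on.hash` to `history ... bstr(1)` steps at tst13.js:65 and tst13.js:72 have an empty provenance column, while the equivalent `documen ... .search` to `bstr(1)` steps (for example tst13.js:59) show `Config`. Please confirm that difference is expected.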
@@ -445,19 +352,17 @@ edges | sanitizer.js:28:27:28:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:28:27:28:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:28 | window.location | user-provided value | | tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value | | tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | | tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | | tst6.js:8:21:8:56 | $locati ... + "foo" | tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | Untrusted URL redirection depends on a $@. | tst6.js:8:21:8:48 | $locati ... irect') | user-provided value | -| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | Untrusted URL redirection depends on a $@. 
| tst7.js:2:12:2:35 | documen ... .search | user-provided value | -| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | Untrusted URL redirection depends on a $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value | +| tst7.js:2:12:2:48 | documen ... ring(1) | tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:48 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:2:12:2:35 | documen ... .search | user-provided value | +| tst7.js:5:27:5:63 | documen ... ring(1) | tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:63 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst7.js:5:27:5:50 | documen ... .search | user-provided value | | tst9.js:2:21:2:55 | documen ... ring(1) | tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | Untrusted URL redirection depends on a $@. | tst9.js:2:21:2:42 | documen ... on.hash | user-provided value | -| tst10.js:5:17:5:46 | '/' + d ... .search | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | Untrusted URL redirection depends on a $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value | -| tst10.js:8:17:8:47 | '//' + ... .search | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value | -| tst10.js:11:17:11:50 | '//foo' ... .search | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value | -| tst10.js:14:17:14:56 | 'https: ... .search | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... 
.search | user-provided value | -| tst12.js:5:23:5:25 | loc | tst12.js:3:20:3:39 | window.location.hash | tst12.js:5:23:5:25 | loc | Untrusted URL redirection depends on a $@. | tst12.js:3:20:3:39 | window.location.hash | user-provided value | +| tst10.js:5:17:5:59 | '/' + d ... ring(1) | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:59 | '/' + d ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:5:23:5:46 | documen ... .search | user-provided value | +| tst10.js:8:17:8:60 | '//' + ... ring(1) | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:60 | '//' + ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:8:24:8:47 | documen ... .search | user-provided value | +| tst10.js:11:17:11:63 | '//foo' ... ring(1) | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:63 | '//foo' ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:11:27:11:50 | documen ... .search | user-provided value | +| tst10.js:14:17:14:69 | 'https: ... ring(1) | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:69 | 'https: ... ring(1) | Untrusted URL redirection depends on a $@. | tst10.js:14:33:14:56 | documen ... .search | user-provided value | | tst13.js:4:15:4:21 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:4:15:4:21 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value | | tst13.js:8:21:8:27 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:8:21:8:27 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value | | tst13.js:12:14:12:20 | payload | tst13.js:2:19:2:42 | documen ... .search | tst13.js:12:14:12:20 | payload | Untrusted URL redirection depends on a $@. | tst13.js:2:19:2:42 | documen ... .search | user-provided value | 
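Review bot: the alert row `tst12.js:5:23:5:25 | loc` with source `tst12.js:3:20:3:39 | window.location.hash` is deleted here and no `+` row for tst12.js replaces it in this hunk, so this expected file drops an alert outright, unlike tst7.js and tst10.js, whose rows only move to the `ring(1)` sink. Please state in the PR description or in a comment in tst12.js whether this is a deliberate false-positive removal or a lost result. The dropped `tst2.js:2:14:2:28 | window.location` row looks fine, since the `window.location.href` row for the same sink is kept.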
@@ -478,17 +383,20 @@ edges | tst13.js:81:28:81:30 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:81:28:81:30 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:82:27:82:29 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:82:27:82:29 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:83:22:83:24 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:83:22:83:24 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:63 | document.location | user-provided value | +| tst15.js:3:23:3:51 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:3:23:3:51 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value | +| tst15.js:4:23:4:55 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:4:23:4:55 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value | +| tst15.js:5:23:5:73 | url.sub ... ring(1) | tst15.js:2:15:2:31 | document.location | tst15.js:5:23:5:73 | url.sub ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:2:15:2:31 | document.location | user-provided value | +| tst15.js:8:23:8:60 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:8:23:8:60 | url2.su ... nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value | +| tst15.js:9:23:9:64 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:9:23:9:64 | url2.su ... 
nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value | +| tst15.js:10:23:10:83 | url2.su ... nown()) | tst15.js:7:16:7:32 | document.location | tst15.js:10:23:10:83 | url2.su ... nown()) | Untrusted URL redirection depends on a $@. | tst15.js:7:16:7:32 | document.location | user-provided value | +| tst15.js:13:23:13:54 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:13:23:13:54 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value | +| tst15.js:14:23:14:58 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:14:23:14:58 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value | +| tst15.js:15:23:15:79 | search. ... ring(1) | tst15.js:12:18:12:41 | documen ... .search | tst15.js:15:23:15:79 | search. ... ring(1) | Untrusted URL redirection depends on a $@. | tst15.js:12:18:12:41 | documen ... .search | user-provided value | | tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value | -| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:50 | document.location | user-provided value | | tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:75 | document.location | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. 
| tst.js:10:59:10:75 | document.location | user-provided value | | tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value | -| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:50 | document.location | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:50 | document.location | user-provided value | | tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:75 | document.location | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:75 | document.location | user-provided value | | tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value | -| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:50 | document.location | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:50 | document.location | user-provided value | | tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value | | tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. 
| tst.js:26:62:26:78 | win.location.href | user-provided value | | typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:4:22:4:36 | location.search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/Consistency.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/Consistency.ql new file mode 100644 index 00000000000..e02e59dcb19 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/Consistency.ql @@ -0,0 +1,9 @@ +import javascript +import semmle.javascript.security.dataflow.ClientSideUrlRedirectQuery +import utils.test.ConsistencyChecking + +deprecated class ClientSideUrlRedirectConsistency extends ConsistencyConfiguration { + ClientSideUrlRedirectConsistency() { this = "ClientSideUrlRedirectConsistency" } + + override DataFlow::Node getAnAlert() { ClientSideUrlRedirectFlow::flowTo(result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/react.js b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/react.js index aebb65defc8..6206ec73305 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/react.js +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/react.js @@ -1,13 +1,13 @@ import React from "react"; import {Helmet} from "react-helmet"; - + class Application extends React.Component { render () { return (
    My unsafe app -